1 /* 2 * ntp_io.c - input/output routines for ntpd. The socket-opening code 3 * was shamelessly stolen from ntpd. 4 */ 5 6 #ifdef HAVE_CONFIG_H 7 # include <config.h> 8 #endif 9 10 #include <stdio.h> 11 #include <signal.h> 12 #ifdef HAVE_FNMATCH_H 13 # include <fnmatch.h> 14 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE) 15 # define FNM_CASEFOLD FNM_IGNORECASE 16 # endif 17 #endif 18 #ifdef HAVE_SYS_PARAM_H 19 # include <sys/param.h> 20 #endif 21 #ifdef HAVE_SYS_IOCTL_H 22 # include <sys/ioctl.h> 23 #endif 24 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */ 25 # include <sys/sockio.h> 26 #endif 27 #ifdef HAVE_SYS_UIO_H 28 # include <sys/uio.h> 29 #endif 30 31 #include "ntp_machine.h" 32 #include "ntpd.h" 33 #include "ntp_io.h" 34 #include "iosignal.h" 35 #include "ntp_lists.h" 36 #include "ntp_refclock.h" 37 #include "ntp_stdlib.h" 38 #include "ntp_worker.h" 39 #include "ntp_request.h" 40 #include "ntp_assert.h" 41 #include "timevalops.h" 42 #include "timespecops.h" 43 #include "ntpd-opts.h" 44 45 /* Don't include ISC's version of IPv6 variables and structures */ 46 #define ISC_IPV6_H 1 47 #include <isc/mem.h> 48 #include <isc/interfaceiter.h> 49 #include <isc/netaddr.h> 50 #include <isc/result.h> 51 #include <isc/sockaddr.h> 52 53 #ifdef SIM 54 #include "ntpsim.h" 55 #endif 56 57 #ifdef HAS_ROUTING_SOCKET 58 # include <net/route.h> 59 # ifdef HAVE_RTNETLINK 60 # include <linux/rtnetlink.h> 61 # endif 62 #endif 63 64 65 /* 66 * setsockopt does not always have the same arg declaration 67 * across all platforms. If it's not defined we make it empty 68 */ 69 70 #ifndef SETSOCKOPT_ARG_CAST 71 #define SETSOCKOPT_ARG_CAST 72 #endif 73 74 extern int listen_to_virtual_ips; 75 76 /* 77 * NIC rule entry 78 */ 79 typedef struct nic_rule_tag nic_rule; 80 81 struct nic_rule_tag { 82 nic_rule * next; 83 nic_rule_action action; 84 nic_rule_match match_type; 85 char * if_name; 86 sockaddr_u addr; 87 int prefixlen; 88 }; 89 90 /* 91 * NIC rule listhead. Entries are added at the head so that the first 92 * match in the list is the last matching rule specified. 93 */ 94 nic_rule *nic_rule_list; 95 96 97 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR) 98 # define HAVE_PACKET_TIMESTAMP 99 # define HAVE_BINTIME 100 # ifdef BINTIME_CTLMSGBUF_SIZE 101 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE 102 # else 103 # define CMSG_BUFSIZE 1536 /* moderate default */ 104 # endif 105 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR) 106 # define HAVE_PACKET_TIMESTAMP 107 # define HAVE_TIMESTAMPNS 108 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE 109 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE 110 # else 111 # define CMSG_BUFSIZE 1536 /* moderate default */ 112 # endif 113 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR) 114 # define HAVE_PACKET_TIMESTAMP 115 # define HAVE_TIMESTAMP 116 # ifdef TIMESTAMP_CTLMSGBUF_SIZE 117 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE 118 # else 119 # define CMSG_BUFSIZE 1536 /* moderate default */ 120 # endif 121 #else 122 /* fill in for old/other timestamp interfaces */ 123 #endif 124 125 #if defined(SYS_WINNT) 126 #include "win32_io.h" 127 #include <isc/win32os.h> 128 #endif 129 130 /* 131 * We do asynchronous input using the SIGIO facility. A number of 132 * recvbuf buffers are preallocated for input. In the signal 133 * handler we poll to see which sockets are ready and read the 134 * packets from them into the recvbuf's along with a time stamp and 135 * an indication of the source host and the interface it was received 136 * through. This allows us to get as accurate receive time stamps 137 * as possible independent of other processing going on. 138 * 139 * We watch the number of recvbufs available to the signal handler 140 * and allocate more when this number drops below the low water 141 * mark. If the signal handler should run out of buffers in the 142 * interim it will drop incoming frames, the idea being that it is 143 * better to drop a packet than to be inaccurate. 144 */ 145 146 147 /* 148 * Other statistics of possible interest 149 */ 150 volatile u_long packets_dropped; /* total number of packets dropped on reception */ 151 volatile u_long packets_ignored; /* packets received on wild card interface */ 152 volatile u_long packets_received; /* total number of packets received */ 153 u_long packets_sent; /* total number of packets sent */ 154 u_long packets_notsent; /* total number of packets which couldn't be sent */ 155 156 volatile u_long handler_calls; /* number of calls to interrupt handler */ 157 volatile u_long handler_pkts; /* number of pkts received by handler */ 158 u_long io_timereset; /* time counters were reset */ 159 160 /* 161 * Interface stuff 162 */ 163 endpt * any_interface; /* wildcard ipv4 interface */ 164 endpt * any6_interface; /* wildcard ipv6 interface */ 165 endpt * loopback_interface; /* loopback ipv4 interface */ 166 167 isc_boolean_t broadcast_client_enabled; /* is broadcast client enabled */ 168 u_int sys_ifnum; /* next .ifnum to assign */ 169 int ninterfaces; /* Total number of interfaces */ 170 171 int disable_dynamic_updates; /* scan interfaces once only */ 172 173 #ifdef REFCLOCK 174 /* 175 * Refclock stuff. We keep a chain of structures with data concerning 176 * the guys we are doing I/O for. 177 */ 178 static struct refclockio *refio; 179 #endif /* REFCLOCK */ 180 181 /* 182 * File descriptor masks etc. for call to select 183 * Not needed for I/O Completion Ports or anything outside this file 184 */ 185 static fd_set activefds; 186 static int maxactivefd; 187 188 /* 189 * bit alternating value to detect verified interfaces during an update cycle 190 */ 191 static u_short sys_interphase = 0; 192 193 static endpt * new_interface(endpt *); 194 static void add_interface(endpt *); 195 static int update_interfaces(u_short, interface_receiver_t, 196 void *); 197 static void remove_interface(endpt *); 198 static endpt * create_interface(u_short, endpt *); 199 200 static int is_wildcard_addr (const sockaddr_u *); 201 202 /* 203 * Multicast functions 204 */ 205 static isc_boolean_t addr_ismulticast (sockaddr_u *); 206 static isc_boolean_t is_not_bindable (sockaddr_u *, 207 const char *); 208 209 /* 210 * Not all platforms support multicast 211 */ 212 #ifdef MCAST 213 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *); 214 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *); 215 #endif 216 217 #ifdef DEBUG 218 static void interface_dump (const endpt *); 219 static void sockaddr_dump (const sockaddr_u *); 220 static void print_interface (const endpt *, const char *, const char *); 221 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0) 222 #else 223 #define DPRINT_INTERFACE(level, args) do {} while (0) 224 #endif 225 226 typedef struct vsock vsock_t; 227 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE }; 228 229 struct vsock { 230 vsock_t * link; 231 SOCKET fd; 232 enum desc_type type; 233 }; 234 235 vsock_t *fd_list; 236 237 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 238 /* 239 * async notification processing (e. g. routing sockets) 240 */ 241 /* 242 * support for receiving data on fd that is not a refclock or a socket 243 * like e. g. routing sockets 244 */ 245 struct asyncio_reader { 246 struct asyncio_reader *link; /* the list this is being kept in */ 247 SOCKET fd; /* fd to be read */ 248 void *data; /* possibly local data */ 249 void (*receiver)(struct asyncio_reader *); /* input handler */ 250 }; 251 252 struct asyncio_reader *asyncio_reader_list; 253 254 static void delete_asyncio_reader (struct asyncio_reader *); 255 static struct asyncio_reader *new_asyncio_reader (void); 256 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type); 257 static void remove_asyncio_reader (struct asyncio_reader *); 258 259 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 260 261 static void init_async_notifications (void); 262 263 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *, 264 int); 265 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *, 266 const sockaddr_u *, const sockaddr_u *); 267 static int create_sockets (u_short); 268 static SOCKET open_socket (sockaddr_u *, int, int, endpt *); 269 static char * fdbits (int, fd_set *); 270 static void set_reuseaddr (int); 271 static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *); 272 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 273 static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *); 274 #endif 275 276 typedef struct remaddr remaddr_t; 277 278 struct remaddr { 279 remaddr_t * link; 280 sockaddr_u addr; 281 endpt * ep; 282 }; 283 284 remaddr_t * remoteaddr_list; 285 endpt * ep_list; /* complete endpt list */ 286 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */ 287 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */ 288 289 static endpt * wildipv4; 290 static endpt * wildipv6; 291 292 #ifdef SYS_WINNT 293 int accept_wildcard_if_for_winnt; 294 #else 295 const int accept_wildcard_if_for_winnt = FALSE; 296 #endif 297 298 static void add_fd_to_list (SOCKET, enum desc_type); 299 static endpt * find_addr_in_list (sockaddr_u *); 300 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32); 301 static void delete_addr_from_list (sockaddr_u *); 302 static void delete_interface_from_list(endpt *); 303 static void close_and_delete_fd_from_list(SOCKET); 304 static void add_addr_to_list (sockaddr_u *, endpt *); 305 static void create_wildcards (u_short); 306 static endpt * findlocalinterface (sockaddr_u *, int, int); 307 static endpt * findclosestinterface (sockaddr_u *, int); 308 #ifdef DEBUG 309 static const char * action_text (nic_rule_action); 310 #endif 311 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32); 312 static void convert_isc_if (isc_interface_t *, 313 endpt *, u_short); 314 static void calc_addr_distance(sockaddr_u *, 315 const sockaddr_u *, 316 const sockaddr_u *); 317 static int cmp_addr_distance(const sockaddr_u *, 318 const sockaddr_u *); 319 320 /* 321 * Routines to read the ntp packets 322 */ 323 #if !defined(HAVE_IO_COMPLETION_PORT) 324 static inline int read_network_packet (SOCKET, struct interface *, l_fp); 325 static void ntpd_addremove_io_fd (int, int, int); 326 static input_handler_t input_handler; 327 #ifdef REFCLOCK 328 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp); 329 #endif 330 #endif 331 332 333 334 #ifndef HAVE_IO_COMPLETION_PORT 335 void 336 maintain_activefds( 337 int fd, 338 int closing 339 ) 340 { 341 int i; 342 343 if (fd < 0 || fd >= FD_SETSIZE) { 344 msyslog(LOG_ERR, 345 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d", 346 FD_SETSIZE, fd); 347 exit(1); 348 } 349 350 if (!closing) { 351 FD_SET(fd, &activefds); 352 maxactivefd = max(fd, maxactivefd); 353 } else { 354 FD_CLR(fd, &activefds); 355 if (maxactivefd && fd == maxactivefd) { 356 for (i = maxactivefd - 1; i >= 0; i--) 357 if (FD_ISSET(i, &activefds)) { 358 maxactivefd = i; 359 break; 360 } 361 NTP_INSIST(fd != maxactivefd); 362 } 363 } 364 } 365 #endif /* !HAVE_IO_COMPLETION_PORT */ 366 367 368 #ifdef DEBUG_TIMING 369 /* 370 * collect timing information for various processing 371 * paths. currently we only pass them on to the file 372 * for later processing. this could also do histogram 373 * based analysis in other to reduce the load (and skew) 374 * dur to the file output 375 */ 376 void 377 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts) 378 { 379 char buf[256]; 380 381 snprintf(buf, sizeof(buf), "%s %d %s %s", 382 (rb != NULL) 383 ? ((rb->dstadr != NULL) 384 ? stoa(&rb->recv_srcadr) 385 : "-REFCLOCK-") 386 : "-", 387 count, lfptoa(dts, 9), tag); 388 record_timing_stats(buf); 389 } 390 #endif 391 392 /* 393 * About dynamic interfaces, sockets, reception and more... 394 * 395 * the code solves following tasks: 396 * 397 * - keep a current list of active interfaces in order 398 * to bind to to the interface address on NTP_PORT so that 399 * all wild and specific bindings for NTP_PORT are taken by ntpd 400 * to avoid other daemons messing with the time or sockets. 401 * - all interfaces keep a list of peers that are referencing 402 * the interface in order to quickly re-assign the peers to 403 * new interface in case an interface is deleted (=> gone from system or 404 * down) 405 * - have a preconfigured socket ready with the right local address 406 * for transmission and reception 407 * - have an address list for all destination addresses used within ntpd 408 * to find the "right" preconfigured socket. 409 * - facilitate updating the internal interface list with respect to 410 * the current kernel state 411 * 412 * special issues: 413 * 414 * - mapping of multicast addresses to the interface affected is not always 415 * one to one - especially on hosts with multiple interfaces 416 * the code here currently allocates a separate interface entry for those 417 * multicast addresses 418 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF) 419 * in case of failure the multicast address is bound to an existing interface. 420 * - on some systems it is perfectly legal to assign the same address to 421 * multiple interfaces. Therefore this code does not keep a list of interfaces 422 * but a list of interfaces that represent a unique address as determined by the kernel 423 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only 424 * one representative of a group of real interfaces if they share the same address. 425 * 426 * Frank Kardel 20050910 427 */ 428 429 /* 430 * init_io - initialize I/O module. 431 */ 432 void 433 init_io(void) 434 { 435 /* Init buffer free list and stat counters */ 436 init_recvbuff(RECV_INIT); 437 /* update interface every 5 minutes as default */ 438 interface_interval = 300; 439 440 #ifdef WORK_PIPE 441 addremove_io_fd = &ntpd_addremove_io_fd; 442 #endif 443 444 #ifdef SYS_WINNT 445 init_io_completion_port(); 446 #endif 447 448 #if defined(HAVE_SIGNALED_IO) 449 (void) set_signal(input_handler); 450 #endif 451 } 452 453 454 static void 455 ntpd_addremove_io_fd( 456 int fd, 457 int is_pipe, 458 int remove_it 459 ) 460 { 461 UNUSED_ARG(is_pipe); 462 463 #ifdef HAVE_SIGNALED_IO 464 init_socket_sig(fd); 465 #endif /* not HAVE_SIGNALED_IO */ 466 467 maintain_activefds(fd, remove_it); 468 } 469 470 471 /* 472 * io_open_sockets - call socket creation routine 473 */ 474 void 475 io_open_sockets(void) 476 { 477 static int already_opened; 478 479 if (already_opened || HAVE_OPT( SAVECONFIGQUIT )) 480 return; 481 482 already_opened = 1; 483 484 /* 485 * Create the sockets 486 */ 487 BLOCKIO(); 488 create_sockets(NTP_PORT); 489 UNBLOCKIO(); 490 491 init_async_notifications(); 492 493 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd)); 494 } 495 496 497 #ifdef DEBUG 498 /* 499 * function to dump the contents of the interface structure 500 * for debugging use only. 501 */ 502 void 503 interface_dump(const endpt *itf) 504 { 505 printf("Dumping interface: %p\n", itf); 506 printf("fd = %d\n", itf->fd); 507 printf("bfd = %d\n", itf->bfd); 508 printf("sin = %s,\n", stoa(&itf->sin)); 509 sockaddr_dump(&itf->sin); 510 printf("bcast = %s,\n", stoa(&itf->bcast)); 511 sockaddr_dump(&itf->bcast); 512 printf("mask = %s,\n", stoa(&itf->mask)); 513 sockaddr_dump(&itf->mask); 514 printf("name = %s\n", itf->name); 515 printf("flags = 0x%08x\n", itf->flags); 516 printf("last_ttl = %d\n", itf->last_ttl); 517 printf("addr_refid = %08x\n", itf->addr_refid); 518 printf("num_mcast = %d\n", itf->num_mcast); 519 printf("received = %ld\n", itf->received); 520 printf("sent = %ld\n", itf->sent); 521 printf("notsent = %ld\n", itf->notsent); 522 printf("ifindex = %u\n", itf->ifindex); 523 printf("peercnt = %u\n", itf->peercnt); 524 printf("phase = %u\n", itf->phase); 525 } 526 527 /* 528 * sockaddr_dump - hex dump the start of a sockaddr_u 529 */ 530 static void 531 sockaddr_dump(const sockaddr_u *psau) 532 { 533 /* Limit the size of the sockaddr_in6 hex dump */ 534 const int maxsize = min(32, sizeof(psau->sa6)); 535 const u_char * cp; 536 int i; 537 538 /* XXX: Should we limit maxsize based on psau->saX.sin_family? */ 539 cp = (const void *)&psau->sa6; 540 541 for(i = 0; i < maxsize; i++) { 542 printf("%02x", *cp++); 543 if (!((i + 1) % 4)) 544 printf(" "); 545 } 546 printf("\n"); 547 } 548 549 /* 550 * print_interface - helper to output debug information 551 */ 552 static void 553 print_interface(const endpt *iface, const char *pfx, const char *sfx) 554 { 555 printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s", 556 pfx, 557 iface->ifnum, 558 iface->fd, 559 iface->bfd, 560 iface->name, 561 iface->flags, 562 iface->ifindex, 563 stoa(&iface->sin)); 564 if (AF_INET == iface->family) { 565 if (iface->flags & INT_BROADCAST) 566 printf(", bcast=%s", stoa(&iface->bcast)); 567 printf(", mask=%s", stoa(&iface->mask)); 568 } 569 printf(", %s:%s", 570 (iface->ignore_packets) 571 ? "Disabled" 572 : "Enabled", 573 sfx); 574 if (debug > 4) /* in-depth debugging only */ 575 interface_dump(iface); 576 } 577 #endif 578 579 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 580 /* 581 * create an asyncio_reader structure 582 */ 583 static struct asyncio_reader * 584 new_asyncio_reader(void) 585 { 586 struct asyncio_reader *reader; 587 588 reader = emalloc_zero(sizeof(*reader)); 589 reader->fd = INVALID_SOCKET; 590 591 return reader; 592 } 593 594 /* 595 * delete a reader 596 */ 597 static void 598 delete_asyncio_reader( 599 struct asyncio_reader *reader 600 ) 601 { 602 free(reader); 603 } 604 605 /* 606 * add asynchio_reader 607 */ 608 static void 609 add_asyncio_reader( 610 struct asyncio_reader * reader, 611 enum desc_type type) 612 { 613 LINK_SLIST(asyncio_reader_list, reader, link); 614 add_fd_to_list(reader->fd, type); 615 } 616 617 /* 618 * remove asynchio_reader 619 */ 620 static void 621 remove_asyncio_reader( 622 struct asyncio_reader *reader 623 ) 624 { 625 struct asyncio_reader *unlinked; 626 627 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link, 628 struct asyncio_reader); 629 630 if (reader->fd != INVALID_SOCKET) 631 close_and_delete_fd_from_list(reader->fd); 632 633 reader->fd = INVALID_SOCKET; 634 } 635 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 636 637 638 /* compare two sockaddr prefixes */ 639 static int 640 addr_eqprefix( 641 const sockaddr_u * a, 642 const sockaddr_u * b, 643 int prefixlen 644 ) 645 { 646 isc_netaddr_t isc_a; 647 isc_netaddr_t isc_b; 648 isc_sockaddr_t isc_sa; 649 650 ZERO(isc_sa); 651 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a))); 652 isc_netaddr_fromsockaddr(&isc_a, &isc_sa); 653 654 ZERO(isc_sa); 655 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b))); 656 isc_netaddr_fromsockaddr(&isc_b, &isc_sa); 657 658 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b, 659 (u_int)prefixlen); 660 } 661 662 663 static int 664 addr_samesubnet( 665 const sockaddr_u * a, 666 const sockaddr_u * a_mask, 667 const sockaddr_u * b, 668 const sockaddr_u * b_mask 669 ) 670 { 671 const u_int32 * pa; 672 const u_int32 * pa_limit; 673 const u_int32 * pb; 674 const u_int32 * pm; 675 size_t loops; 676 677 NTP_REQUIRE(AF(a) == AF(a_mask)); 678 NTP_REQUIRE(AF(b) == AF(b_mask)); 679 /* 680 * With address and mask families verified to match, comparing 681 * the masks also validates the address's families match. 682 */ 683 if (!SOCK_EQ(a_mask, b_mask)) 684 return FALSE; 685 686 if (IS_IPV6(a)) { 687 loops = sizeof(NSRCADR6(a)) / sizeof(*pa); 688 pa = (const void *)&NSRCADR6(a); 689 pb = (const void *)&NSRCADR6(b); 690 pm = (const void *)&NSRCADR6(a_mask); 691 } else { 692 loops = sizeof(NSRCADR(a)) / sizeof(*pa); 693 pa = (const void *)&NSRCADR(a); 694 pb = (const void *)&NSRCADR(b); 695 pm = (const void *)&NSRCADR(a_mask); 696 } 697 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++) 698 if ((*pa & *pm) != (*pb & *pm)) 699 return FALSE; 700 701 return TRUE; 702 } 703 704 705 /* 706 * Code to tell if we have an IP address 707 * If we have then return the sockaddr structure 708 * and set the return value 709 * see the bind9/getaddresses.c for details 710 */ 711 int 712 is_ip_address( 713 const char * host, 714 u_short af, 715 sockaddr_u * addr 716 ) 717 { 718 struct in_addr in4; 719 struct addrinfo hints; 720 struct addrinfo *result; 721 struct sockaddr_in6 *resaddr6; 722 char tmpbuf[128]; 723 char *pch; 724 725 NTP_REQUIRE(host != NULL); 726 NTP_REQUIRE(addr != NULL); 727 728 ZERO_SOCK(addr); 729 730 /* 731 * Try IPv4, then IPv6. In order to handle the extended format 732 * for IPv6 scoped addresses (address%scope_ID), we'll use a local 733 * working buffer of 128 bytes. The length is an ad-hoc value, but 734 * should be enough for this purpose; the buffer can contain a string 735 * of at least 80 bytes for scope_ID in addition to any IPv6 numeric 736 * addresses (up to 46 bytes), the delimiter character and the 737 * terminating NULL character. 738 */ 739 if (AF_UNSPEC == af || AF_INET == af) 740 if (inet_pton(AF_INET, host, &in4) == 1) { 741 AF(addr) = AF_INET; 742 SET_ADDR4N(addr, in4.s_addr); 743 744 return TRUE; 745 } 746 747 if (AF_UNSPEC == af || AF_INET6 == af) 748 if (sizeof(tmpbuf) > strlen(host)) { 749 if ('[' == host[0]) { 750 strlcpy(tmpbuf, &host[1], sizeof(tmpbuf)); 751 pch = strchr(tmpbuf, ']'); 752 if (pch != NULL) 753 *pch = '\0'; 754 } else { 755 strlcpy(tmpbuf, host, sizeof(tmpbuf)); 756 } 757 ZERO(hints); 758 hints.ai_family = AF_INET6; 759 hints.ai_flags |= AI_NUMERICHOST; 760 if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) { 761 AF(addr) = AF_INET6; 762 resaddr6 = (struct sockaddr_in6 *)result->ai_addr; 763 SET_ADDR6N(addr, resaddr6->sin6_addr); 764 SET_SCOPE(addr, resaddr6->sin6_scope_id); 765 766 freeaddrinfo(result); 767 return TRUE; 768 } 769 } 770 /* 771 * If we got here it was not an IP address 772 */ 773 return FALSE; 774 } 775 776 777 /* 778 * interface list enumerator - visitor pattern 779 */ 780 void 781 interface_enumerate( 782 interface_receiver_t receiver, 783 void * data 784 ) 785 { 786 interface_info_t ifi; 787 788 ifi.action = IFS_EXISTS; 789 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink) 790 (*receiver)(data, &ifi); 791 } 792 793 /* 794 * do standard initialization of interface structure 795 */ 796 static void 797 init_interface( 798 endpt *ep 799 ) 800 { 801 ZERO(*ep); 802 ep->fd = INVALID_SOCKET; 803 ep->bfd = INVALID_SOCKET; 804 ep->phase = sys_interphase; 805 } 806 807 808 /* 809 * create new interface structure initialize from 810 * template structure or via standard initialization 811 * function 812 */ 813 static struct interface * 814 new_interface( 815 struct interface *interface 816 ) 817 { 818 struct interface * iface; 819 820 iface = emalloc(sizeof(*iface)); 821 822 if (NULL == interface) 823 init_interface(iface); 824 else /* use the template */ 825 memcpy(iface, interface, sizeof(*iface)); 826 827 /* count every new instance of an interface in the system */ 828 iface->ifnum = sys_ifnum++; 829 iface->starttime = current_time; 830 831 return iface; 832 } 833 834 835 /* 836 * return interface storage into free memory pool 837 */ 838 static inline void 839 delete_interface( 840 endpt *ep 841 ) 842 { 843 free(ep); 844 } 845 846 847 /* 848 * link interface into list of known interfaces 849 */ 850 static void 851 add_interface( 852 endpt * ep 853 ) 854 { 855 endpt ** pmclisthead; 856 endpt * scan; 857 endpt * scan_next; 858 endpt * unlinked; 859 sockaddr_u * addr; 860 int ep_local; 861 int scan_local; 862 int same_subnet; 863 int ep_univ_iid; /* iface ID from MAC address */ 864 int scan_univ_iid; /* see RFC 4291 */ 865 int ep_privacy; /* random local iface ID */ 866 int scan_privacy; /* see RFC 4941 */ 867 int rc; 868 869 /* Calculate the refid */ 870 ep->addr_refid = addr2refid(&ep->sin); 871 /* link at tail so ntpdc -c ifstats index increases each row */ 872 LINK_TAIL_SLIST(ep_list, ep, elink, endpt); 873 ninterfaces++; 874 #ifdef MCAST 875 /* the rest is for enabled multicast-capable addresses only */ 876 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) || 877 INT_LOOPBACK & ep->flags) 878 return; 879 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 880 if (AF_INET6 == ep->family) 881 return; 882 # endif 883 pmclisthead = (AF_INET == ep->family) 884 ? &mc4_list 885 : &mc6_list; 886 887 if (AF_INET6 == ep->family) { 888 ep_local = 889 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&ep->sin)) || 890 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(&ep->sin)); 891 ep_univ_iid = IS_IID_UNIV(&ep->sin); 892 ep_privacy = !!(INT_PRIVACY & ep->flags); 893 } else { 894 ep_local = FALSE; 895 ep_univ_iid = FALSE; 896 ep_privacy = FALSE; 897 } 898 DPRINTF(4, ("add_interface mcast-capable %s%s%s%s\n", 899 stoa(&ep->sin), 900 (ep_local) ? " link/scope-local" : "", 901 (ep_univ_iid) ? " univ-IID" : "", 902 (ep_privacy) ? " privacy" : "")); 903 /* 904 * If we have multiple local addresses on the same network 905 * interface, and some are link- or site-local, do not multicast 906 * out from the link-/site-local addresses by default, to avoid 907 * duplicate manycastclient associations between v6 peers using 908 * link-local and global addresses. link-local can still be 909 * chosen using "nic ignore myv6globalprefix::/64". 910 * Similarly, if we have multiple global addresses from the same 911 * prefix on the same network interface, multicast from one, 912 * preferring EUI-64, then static, then least RFC 4941 privacy 913 * addresses. 914 */ 915 for (scan = *pmclisthead; scan != NULL; scan = scan_next) { 916 scan_next = scan->mclink; 917 if (ep->family != scan->family) 918 continue; 919 if (strcmp(ep->name, scan->name)) 920 continue; 921 same_subnet = addr_samesubnet(&ep->sin, &ep->mask, 922 &scan->sin, &scan->mask); 923 if (AF_INET6 == ep->family) { 924 addr = &scan->sin; 925 scan_local = 926 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(addr)) || 927 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(addr)); 928 scan_univ_iid = IS_IID_UNIV(addr); 929 scan_privacy = !!(INT_PRIVACY & scan->flags); 930 } else { 931 scan_local = FALSE; 932 scan_univ_iid = FALSE; 933 scan_privacy = FALSE; 934 } 935 DPRINTF(4, ("add_interface mcast-capable scan %s%s%s%s\n", 936 stoa(&scan->sin), 937 (scan_local) ? " link/scope-local" : "", 938 (scan_univ_iid) ? " univ-IID" : "", 939 (scan_privacy) ? " privacy" : "")); 940 if ((ep_local && !scan_local) || (same_subnet && 941 ((ep_privacy && !scan_privacy) || 942 (!ep_univ_iid && scan_univ_iid)))) { 943 DPRINTF(4, ("did not add %s to %s of IPv6 multicast-capable list which already has %s\n", 944 stoa(&ep->sin), 945 (ep_local) 946 ? "tail" 947 : "head", 948 stoa(&scan->sin))); 949 return; 950 } 951 if ((scan_local && !ep_local) || (same_subnet && 952 ((scan_privacy && !ep_privacy) || 953 (!scan_univ_iid && ep_univ_iid)))) { 954 UNLINK_SLIST(unlinked, *pmclisthead, 955 scan, mclink, endpt); 956 DPRINTF(4, ("%s %s from IPv6 multicast-capable list to add %s\n", 957 (unlinked != scan) 958 ? "Failed to remove" 959 : "removed", 960 stoa(&scan->sin), stoa(&ep->sin))); 961 } 962 } 963 /* 964 * Add link/site local at the tail of the multicast- 965 * capable unicast interfaces list, so that ntpd will 966 * send from global addresses before link-/site-local 967 * ones. 968 */ 969 if (ep_local) 970 LINK_TAIL_SLIST(*pmclisthead, ep, mclink, endpt); 971 else 972 LINK_SLIST(*pmclisthead, ep, mclink); 973 DPRINTF(4, ("added %s to %s of IPv%s multicast-capable unicast local address list\n", 974 stoa(&ep->sin), 975 (ep_local) 976 ? "tail" 977 : "head", 978 (AF_INET == ep->family) 979 ? "4" 980 : "6")); 981 982 if (INVALID_SOCKET == ep->fd) 983 return; 984 985 /* 986 * select the local address from which to send to multicast. 987 */ 988 switch (AF(&ep->sin)) { 989 990 case AF_INET : 991 rc = setsockopt(ep->fd, IPPROTO_IP, 992 IP_MULTICAST_IF, 993 (void *)&NSRCADR(&ep->sin), 994 sizeof(NSRCADR(&ep->sin))); 995 if (rc) 996 msyslog(LOG_ERR, 997 "setsockopt IP_MULTICAST_IF %s fails: %m", 998 stoa(&ep->sin)); 999 break; 1000 1001 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 1002 case AF_INET6 : 1003 rc = setsockopt(ep->fd, IPPROTO_IPV6, 1004 IPV6_MULTICAST_IF, 1005 (void *)&ep->ifindex, 1006 sizeof(ep->ifindex)); 1007 /* do not complain if bound addr scope is ifindex */ 1008 if (rc && ep->ifindex != SCOPE(&ep->sin)) 1009 msyslog(LOG_ERR, 1010 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m", 1011 ep->ifindex, stoa(&ep->sin)); 1012 break; 1013 # endif 1014 } 1015 #endif /* MCAST */ 1016 } 1017 1018 1019 /* 1020 * remove interface from known interface list and clean up 1021 * associated resources 1022 */ 1023 static void 1024 remove_interface( 1025 endpt * ep 1026 ) 1027 { 1028 endpt * unlinked; 1029 endpt ** pmclisthead; 1030 sockaddr_u resmask; 1031 1032 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt); 1033 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) { 1034 pmclisthead = (AF_INET == ep->family) 1035 ? &mc4_list 1036 : &mc6_list; 1037 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt); 1038 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n", 1039 stoa(&ep->sin), 1040 (unlinked != NULL) 1041 ? "removed from" 1042 : "not found on", 1043 (AF_INET == ep->family) 1044 ? "4" 1045 : "6")); 1046 } 1047 delete_interface_from_list(ep); 1048 1049 if (ep->fd != INVALID_SOCKET) { 1050 msyslog(LOG_INFO, 1051 "Deleting interface #%d %s, %s#%d, interface stats: received=%ld, sent=%ld, dropped=%ld, active_time=%ld secs", 1052 ep->ifnum, 1053 ep->name, 1054 stoa(&ep->sin), 1055 SRCPORT(&ep->sin), 1056 ep->received, 1057 ep->sent, 1058 ep->notsent, 1059 current_time - ep->starttime); 1060 close_and_delete_fd_from_list(ep->fd); 1061 ep->fd = INVALID_SOCKET; 1062 } 1063 1064 if (ep->bfd != INVALID_SOCKET) { 1065 msyslog(LOG_INFO, 1066 "stop listening for broadcasts to %s on interface #%d %s", 1067 stoa(&ep->bcast), ep->ifnum, ep->name); 1068 close_and_delete_fd_from_list(ep->bfd); 1069 ep->bfd = INVALID_SOCKET; 1070 ep->flags &= ~INT_BCASTOPEN; 1071 } 1072 1073 ninterfaces--; 1074 mon_clearinterface(ep); 1075 1076 /* remove restrict interface entry */ 1077 SET_HOSTMASK(&resmask, AF(&ep->sin)); 1078 hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 1079 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 1080 } 1081 1082 1083 static void 1084 log_listen_address( 1085 endpt * ep 1086 ) 1087 { 1088 msyslog(LOG_INFO, "%s on %d %s %s", 1089 (ep->ignore_packets) 1090 ? "Listen and drop" 1091 : "Listen normally", 1092 ep->ifnum, 1093 ep->name, 1094 sptoa(&ep->sin)); 1095 } 1096 1097 1098 static void 1099 create_wildcards( 1100 u_short port 1101 ) 1102 { 1103 int v4wild; 1104 #ifdef INCLUDE_IPV6_SUPPORT 1105 int v6wild; 1106 #endif 1107 sockaddr_u wildaddr; 1108 nic_rule_action action; 1109 struct interface * wildif; 1110 1111 /* 1112 * silence "potentially uninitialized" warnings from VC9 1113 * failing to follow the logic. Ideally action could remain 1114 * uninitialized, and the memset be the first statement under 1115 * the first if (v4wild). 1116 */ 1117 action = ACTION_LISTEN; 1118 ZERO(wildaddr); 1119 1120 #ifdef INCLUDE_IPV6_SUPPORT 1121 /* 1122 * create pseudo-interface with wildcard IPv6 address 1123 */ 1124 v6wild = ipv6_works; 1125 if (v6wild) { 1126 /* set wildaddr to the v6 wildcard address :: */ 1127 ZERO(wildaddr); 1128 AF(&wildaddr) = AF_INET6; 1129 SET_ADDR6N(&wildaddr, in6addr_any); 1130 SET_PORT(&wildaddr, port); 1131 SET_SCOPE(&wildaddr, 0); 1132 1133 /* check for interface/nic rules affecting the wildcard */ 1134 action = interface_action(NULL, &wildaddr, 0); 1135 v6wild = (ACTION_IGNORE != action); 1136 } 1137 if (v6wild) { 1138 wildif = new_interface(NULL); 1139 1140 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name)); 1141 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1142 wildif->family = AF_INET6; 1143 AF(&wildif->mask) = AF_INET6; 1144 SET_ONESMASK(&wildif->mask); 1145 1146 wildif->flags = INT_UP | INT_WILDCARD; 1147 wildif->ignore_packets = (ACTION_DROP == action); 1148 1149 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1150 1151 if (wildif->fd != INVALID_SOCKET) { 1152 wildipv6 = wildif; 1153 any6_interface = wildif; 1154 add_addr_to_list(&wildif->sin, wildif); 1155 add_interface(wildif); 1156 log_listen_address(wildif); 1157 } else { 1158 msyslog(LOG_ERR, 1159 "unable to bind to wildcard address %s - another process may be running - EXITING", 1160 stoa(&wildif->sin)); 1161 exit(1); 1162 } 1163 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1164 } 1165 #endif 1166 1167 /* 1168 * create pseudo-interface with wildcard IPv4 address 1169 */ 1170 v4wild = ipv4_works; 1171 if (v4wild) { 1172 /* set wildaddr to the v4 wildcard address 0.0.0.0 */ 1173 AF(&wildaddr) = AF_INET; 1174 SET_ADDR4N(&wildaddr, INADDR_ANY); 1175 SET_PORT(&wildaddr, port); 1176 1177 /* check for interface/nic rules affecting the wildcard */ 1178 action = interface_action(NULL, &wildaddr, 0); 1179 v4wild = (ACTION_IGNORE != action); 1180 } 1181 if (v4wild) { 1182 wildif = new_interface(NULL); 1183 1184 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name)); 1185 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1186 wildif->family = AF_INET; 1187 AF(&wildif->mask) = AF_INET; 1188 SET_ONESMASK(&wildif->mask); 1189 1190 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD; 1191 wildif->ignore_packets = (ACTION_DROP == action); 1192 #if defined(MCAST) 1193 /* 1194 * enable multicast reception on the broadcast socket 1195 */ 1196 AF(&wildif->bcast) = AF_INET; 1197 SET_ADDR4N(&wildif->bcast, INADDR_ANY); 1198 SET_PORT(&wildif->bcast, port); 1199 #endif /* MCAST */ 1200 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1201 1202 if (wildif->fd != INVALID_SOCKET) { 1203 wildipv4 = wildif; 1204 any_interface = wildif; 1205 1206 add_addr_to_list(&wildif->sin, wildif); 1207 add_interface(wildif); 1208 log_listen_address(wildif); 1209 } else { 1210 msyslog(LOG_ERR, 1211 "unable to bind to wildcard address %s - another process may be running - EXITING", 1212 stoa(&wildif->sin)); 1213 exit(1); 1214 } 1215 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1216 } 1217 } 1218 1219 1220 /* 1221 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list. 1222 */ 1223 void 1224 add_nic_rule( 1225 nic_rule_match match_type, 1226 const char * if_name, /* interface name or numeric address */ 1227 int prefixlen, 1228 nic_rule_action action 1229 ) 1230 { 1231 nic_rule * rule; 1232 isc_boolean_t is_ip; 1233 1234 rule = emalloc_zero(sizeof(*rule)); 1235 rule->match_type = match_type; 1236 rule->prefixlen = prefixlen; 1237 rule->action = action; 1238 1239 if (MATCH_IFNAME == match_type) { 1240 NTP_REQUIRE(NULL != if_name); 1241 rule->if_name = estrdup(if_name); 1242 } else if (MATCH_IFADDR == match_type) { 1243 NTP_REQUIRE(NULL != if_name); 1244 /* set rule->addr */ 1245 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr); 1246 NTP_REQUIRE(is_ip); 1247 } else 1248 NTP_REQUIRE(NULL == if_name); 1249 1250 LINK_SLIST(nic_rule_list, rule, next); 1251 } 1252 1253 1254 #ifdef DEBUG 1255 static const char * 1256 action_text( 1257 nic_rule_action action 1258 ) 1259 { 1260 const char *t; 1261 1262 switch (action) { 1263 1264 default: 1265 t = "ERROR"; /* quiet uninit warning */ 1266 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n", 1267 action)); 1268 NTP_ENSURE(0); 1269 break; 1270 1271 case ACTION_LISTEN: 1272 t = "listen"; 1273 break; 1274 1275 case ACTION_IGNORE: 1276 t = "ignore"; 1277 break; 1278 1279 case ACTION_DROP: 1280 t = "drop"; 1281 break; 1282 } 1283 1284 return t; 1285 } 1286 #endif /* DEBUG */ 1287 1288 1289 static nic_rule_action 1290 interface_action( 1291 char * if_name, 1292 sockaddr_u * if_addr, 1293 u_int32 if_flags 1294 ) 1295 { 1296 nic_rule * rule; 1297 int isloopback; 1298 int iswildcard; 1299 1300 DPRINTF(4, ("interface_action: interface %s ", 1301 (if_name != NULL) ? if_name : "wildcard")); 1302 1303 iswildcard = is_wildcard_addr(if_addr); 1304 isloopback = !!(INT_LOOPBACK & if_flags); 1305 1306 /* 1307 * Find any matching NIC rule from --interface / -I or ntp.conf 1308 * interface/nic rules. 1309 */ 1310 for (rule = nic_rule_list; rule != NULL; rule = rule->next) { 1311 1312 switch (rule->match_type) { 1313 1314 case MATCH_ALL: 1315 /* loopback and wildcard excluded from "all" */ 1316 if (isloopback || iswildcard) 1317 break; 1318 DPRINTF(4, ("nic all %s\n", 1319 action_text(rule->action))); 1320 return rule->action; 1321 1322 case MATCH_IPV4: 1323 if (IS_IPV4(if_addr)) { 1324 DPRINTF(4, ("nic ipv4 %s\n", 1325 action_text(rule->action))); 1326 return rule->action; 1327 } 1328 break; 1329 1330 case MATCH_IPV6: 1331 if (IS_IPV6(if_addr)) { 1332 DPRINTF(4, ("nic ipv6 %s\n", 1333 action_text(rule->action))); 1334 return rule->action; 1335 } 1336 break; 1337 1338 case MATCH_WILDCARD: 1339 if (iswildcard) { 1340 DPRINTF(4, ("nic wildcard %s\n", 1341 action_text(rule->action))); 1342 return rule->action; 1343 } 1344 break; 1345 1346 case MATCH_IFADDR: 1347 if (rule->prefixlen != -1) { 1348 if (addr_eqprefix(if_addr, &rule->addr, 1349 rule->prefixlen)) { 1350 1351 DPRINTF(4, ("subnet address match - %s\n", 1352 action_text(rule->action))); 1353 return rule->action; 1354 } 1355 } else 1356 if (SOCK_EQ(if_addr, &rule->addr)) { 1357 1358 DPRINTF(4, ("address match - %s\n", 1359 action_text(rule->action))); 1360 return rule->action; 1361 } 1362 break; 1363 1364 case MATCH_IFNAME: 1365 if (if_name != NULL 1366 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD) 1367 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD) 1368 #else 1369 && !strcasecmp(if_name, rule->if_name) 1370 #endif 1371 ) { 1372 1373 DPRINTF(4, ("interface name match - %s\n", 1374 action_text(rule->action))); 1375 return rule->action; 1376 } 1377 break; 1378 } 1379 } 1380 1381 /* 1382 * Unless explicitly disabled such as with "nic ignore ::1" 1383 * listen on loopback addresses. Since ntpq and ntpdc query 1384 * "localhost" by default, which typically resolves to ::1 and 1385 * 127.0.0.1, it's useful to default to listening on both. 1386 */ 1387 if (isloopback) { 1388 DPRINTF(4, ("default loopback listen\n")); 1389 return ACTION_LISTEN; 1390 } 1391 1392 /* 1393 * Treat wildcard addresses specially. If there is no explicit 1394 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule 1395 * default to drop. 1396 */ 1397 if (iswildcard) { 1398 DPRINTF(4, ("default wildcard drop\n")); 1399 return ACTION_DROP; 1400 } 1401 1402 /* 1403 * Check for "virtual IP" (colon in the interface name) after 1404 * the rules so that "ntpd --interface eth0:1 -novirtualips" 1405 * does indeed listen on eth0:1's addresses. 1406 */ 1407 if (!listen_to_virtual_ips && if_name != NULL 1408 && (strchr(if_name, ':') != NULL)) { 1409 1410 DPRINTF(4, ("virtual ip - ignore\n")); 1411 return ACTION_IGNORE; 1412 } 1413 1414 /* 1415 * If there are no --interface/-I command-line options and no 1416 * interface/nic rules in ntp.conf, the default action is to 1417 * listen. In the presence of rules from either, the default 1418 * is to ignore. This implements ntpd's traditional listen- 1419 * every default with no interface listen configuration, and 1420 * ensures a single -I eth0 or "nic listen eth0" means do not 1421 * listen on any other addresses. 1422 */ 1423 if (NULL == nic_rule_list) { 1424 DPRINTF(4, ("default listen\n")); 1425 return ACTION_LISTEN; 1426 } 1427 1428 DPRINTF(4, ("implicit ignore\n")); 1429 return ACTION_IGNORE; 1430 } 1431 1432 1433 static void 1434 convert_isc_if( 1435 isc_interface_t *isc_if, 1436 endpt *itf, 1437 u_short port 1438 ) 1439 { 1440 const u_char v6loop[16] = {0, 0, 0, 0, 0, 0, 0, 0, 1441 0, 0, 0, 0, 0, 0, 0, 1}; 1442 1443 strlcpy(itf->name, isc_if->name, sizeof(itf->name)); 1444 itf->ifindex = isc_if->ifindex; 1445 itf->family = (u_short)isc_if->af; 1446 AF(&itf->sin) = itf->family; 1447 AF(&itf->mask) = itf->family; 1448 AF(&itf->bcast) = itf->family; 1449 SET_PORT(&itf->sin, port); 1450 SET_PORT(&itf->mask, port); 1451 SET_PORT(&itf->bcast, port); 1452 1453 if (IS_IPV4(&itf->sin)) { 1454 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr; 1455 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr; 1456 1457 if (isc_if->flags & INTERFACE_F_BROADCAST) { 1458 itf->flags |= INT_BROADCAST; 1459 NSRCADR(&itf->bcast) = 1460 isc_if->broadcast.type.in.s_addr; 1461 } 1462 } 1463 #ifdef INCLUDE_IPV6_SUPPORT 1464 else if (IS_IPV6(&itf->sin)) { 1465 SET_ADDR6N(&itf->sin, isc_if->address.type.in6); 1466 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6); 1467 1468 SET_SCOPE(&itf->sin, isc_if->address.zone); 1469 } 1470 #endif /* INCLUDE_IPV6_SUPPORT */ 1471 1472 1473 /* Process the rest of the flags */ 1474 1475 itf->flags |= 1476 ((INTERFACE_F_UP & isc_if->flags) 1477 ? INT_UP : 0) 1478 | ((INTERFACE_F_LOOPBACK & isc_if->flags) 1479 ? INT_LOOPBACK : 0) 1480 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags) 1481 ? INT_PPP : 0) 1482 | ((INTERFACE_F_MULTICAST & isc_if->flags) 1483 ? INT_MULTICAST : 0) 1484 | ((INTERFACE_F_PRIVACY & isc_if->flags) 1485 ? INT_PRIVACY : 0) 1486 ; 1487 1488 /* 1489 * Clear the loopback flag if the address is not localhost. 1490 * http://bugs.ntp.org/1683 1491 */ 1492 if (INT_LOOPBACK & itf->flags) { 1493 if (AF_INET == itf->family) { 1494 if (127 != (SRCADR(&itf->sin) >> 24)) 1495 itf->flags &= ~INT_LOOPBACK; 1496 } else { 1497 if (memcmp(v6loop, NSRCADR6(&itf->sin), 1498 sizeof(NSRCADR6(&itf->sin)))) 1499 itf->flags &= ~INT_LOOPBACK; 1500 } 1501 } 1502 } 1503 1504 1505 /* 1506 * refresh_interface 1507 * 1508 * some OSes have been observed to keep 1509 * cached routes even when more specific routes 1510 * become available. 1511 * this can be mitigated by re-binding 1512 * the socket. 1513 */ 1514 static int 1515 refresh_interface( 1516 struct interface * interface 1517 ) 1518 { 1519 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 1520 if (interface->fd != INVALID_SOCKET) { 1521 int bcast = (interface->flags & INT_BCASTXMIT) != 0; 1522 /* as we forcibly close() the socket remove the 1523 broadcast permission indication */ 1524 if (bcast) 1525 socket_broadcast_disable(interface, &interface->sin); 1526 1527 close_and_delete_fd_from_list(interface->fd); 1528 1529 /* create new socket picking up a new first hop binding 1530 at connect() time */ 1531 interface->fd = open_socket(&interface->sin, 1532 bcast, 0, interface); 1533 /* 1534 * reset TTL indication so TTL is is set again 1535 * next time around 1536 */ 1537 interface->last_ttl = 0; 1538 return (interface->fd != INVALID_SOCKET); 1539 } else 1540 return 0; /* invalid sockets are not refreshable */ 1541 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1542 return (interface->fd != INVALID_SOCKET); 1543 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1544 } 1545 1546 /* 1547 * interface_update - externally callable update function 1548 */ 1549 void 1550 interface_update( 1551 interface_receiver_t receiver, 1552 void * data) 1553 { 1554 int new_interface_found; 1555 1556 if (disable_dynamic_updates) 1557 return; 1558 1559 BLOCKIO(); 1560 new_interface_found = update_interfaces(NTP_PORT, receiver, data); 1561 UNBLOCKIO(); 1562 1563 if (!new_interface_found) 1564 return; 1565 1566 #ifdef DEBUG 1567 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver"); 1568 #endif 1569 interrupt_worker_sleep(); 1570 } 1571 1572 1573 /* 1574 * sau_from_netaddr() - convert network address on-wire formats. 1575 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u 1576 */ 1577 void 1578 sau_from_netaddr( 1579 sockaddr_u *psau, 1580 const isc_netaddr_t *pna 1581 ) 1582 { 1583 ZERO_SOCK(psau); 1584 AF(psau) = (u_short)pna->family; 1585 switch (pna->family) { 1586 1587 case AF_INET: 1588 memcpy(&psau->sa4.sin_addr, &pna->type.in, 1589 sizeof(psau->sa4.sin_addr)); 1590 break; 1591 1592 case AF_INET6: 1593 memcpy(&psau->sa6.sin6_addr, &pna->type.in6, 1594 sizeof(psau->sa6.sin6_addr)); 1595 break; 1596 } 1597 } 1598 1599 1600 static int 1601 is_wildcard_addr( 1602 const sockaddr_u *psau 1603 ) 1604 { 1605 if (IS_IPV4(psau) && !NSRCADR(psau)) 1606 return 1; 1607 1608 #ifdef INCLUDE_IPV6_SUPPORT 1609 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any)) 1610 return 1; 1611 #endif 1612 1613 return 0; 1614 } 1615 1616 1617 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 1618 /* 1619 * enable/disable re-use of wildcard address socket 1620 */ 1621 static void 1622 set_wildcard_reuse( 1623 u_short family, 1624 int on 1625 ) 1626 { 1627 struct interface *any; 1628 SOCKET fd = INVALID_SOCKET; 1629 1630 any = ANY_INTERFACE_BYFAM(family); 1631 if (any != NULL) 1632 fd = any->fd; 1633 1634 if (fd != INVALID_SOCKET) { 1635 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 1636 (char *)&on, sizeof(on))) 1637 msyslog(LOG_ERR, 1638 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m", 1639 on ? "on" : "off"); 1640 1641 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n", 1642 on ? "on" : "off", 1643 stoa(&any->sin))); 1644 } 1645 } 1646 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ 1647 1648 1649 static isc_boolean_t 1650 check_flags6( 1651 sockaddr_u *psau, 1652 const char *name, 1653 u_int32 flags6 1654 ) 1655 { 1656 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6) && \ 1657 (defined(IN6_IFF_ANYCAST) || defined(IN6_IFF_NOTREADY)) 1658 struct in6_ifreq ifr6; 1659 int fd; 1660 u_int32 exclude = 0; 1661 1662 if (psau->sa.sa_family != AF_INET6) 1663 return ISC_FALSE; 1664 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) 1665 return ISC_FALSE; 1666 ZERO(ifr6); 1667 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr)); 1668 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name)); 1669 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) { 1670 close(fd); 1671 return ISC_FALSE; 1672 } 1673 close(fd); 1674 flags6 = ifr6.ifr_ifru.ifru_flags6; 1675 #if defined(IN6_IFF_ANYCAST) 1676 exclude |= IN6_IFF_ANYCAST; 1677 #endif /* !IN6_IFF_ANYCAST */ 1678 #if defined(IN6_IFF_NOTREADY) 1679 exclude |= IN6_IFF_NOTREADY; 1680 #endif /* !IN6_IFF_NOTREADY */ 1681 if ((flags6 & exclude) != 0) 1682 return ISC_TRUE; 1683 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 && (IN6_IFF_ANYCAST && IN6_IFF_NOTREADY) */ 1684 return ISC_FALSE; 1685 } 1686 1687 static isc_boolean_t 1688 is_not_bindable( 1689 sockaddr_u *psau, 1690 const char *name 1691 ) 1692 { 1693 #ifdef IN6_IFF_ANYCAST 1694 return check_flags6(psau, name, IN6_IFF_ANYCAST); 1695 #else 1696 return ISC_FALSE; 1697 #endif 1698 } 1699 1700 static isc_boolean_t 1701 is_valid( 1702 sockaddr_u *psau, 1703 const char *name 1704 ) 1705 { 1706 u_int32 flags6; 1707 1708 flags6 = 0; 1709 #ifdef IN6_IFF_DEPARTED 1710 flags6 |= IN6_IFF_DEPARTED; 1711 #endif 1712 #ifdef IN6_IFF_DETACHED 1713 flags6 |= IN6_IFF_DETACHED; 1714 #endif 1715 #ifdef IN6_IFF_TENTATIVE 1716 flags6 |= IN6_IFF_TENTATIVE; 1717 #endif 1718 return check_flags6(psau, name, flags6) ? ISC_FALSE : ISC_TRUE; 1719 } 1720 1721 /* 1722 * update_interface strategy 1723 * 1724 * toggle configuration phase 1725 * 1726 * Phase 1: 1727 * forall currently existing interfaces 1728 * if address is known: 1729 * drop socket - rebind again 1730 * 1731 * if address is NOT known: 1732 * attempt to create a new interface entry 1733 * 1734 * Phase 2: 1735 * forall currently known non MCAST and WILDCARD interfaces 1736 * if interface does not match configuration phase (not seen in phase 1): 1737 * remove interface from known interface list 1738 * forall peers associated with this interface 1739 * disconnect peer from this interface 1740 * 1741 * Phase 3: 1742 * attempt to re-assign interfaces to peers 1743 * 1744 */ 1745 1746 static int 1747 update_interfaces( 1748 u_short port, 1749 interface_receiver_t receiver, 1750 void * data 1751 ) 1752 { 1753 isc_mem_t * mctx = (void *)-1; 1754 interface_info_t ifi; 1755 isc_interfaceiter_t * iter; 1756 isc_result_t result; 1757 isc_interface_t isc_if; 1758 int new_interface_found; 1759 unsigned int family; 1760 endpt enumep; 1761 endpt * ep; 1762 endpt * next_ep; 1763 1764 DPRINTF(3, ("update_interfaces(%d)\n", port)); 1765 1766 /* 1767 * phase one - scan interfaces 1768 * - create those that are not found 1769 * - update those that are found 1770 */ 1771 1772 new_interface_found = FALSE; 1773 iter = NULL; 1774 result = isc_interfaceiter_create(mctx, &iter); 1775 1776 if (result != ISC_R_SUCCESS) 1777 return 0; 1778 1779 /* 1780 * Toggle system interface scan phase to find untouched 1781 * interfaces to be deleted. 1782 */ 1783 sys_interphase ^= 0x1; 1784 1785 for (result = isc_interfaceiter_first(iter); 1786 ISC_R_SUCCESS == result; 1787 result = isc_interfaceiter_next(iter)) { 1788 1789 result = isc_interfaceiter_current(iter, &isc_if); 1790 1791 if (result != ISC_R_SUCCESS) 1792 break; 1793 1794 /* See if we have a valid family to use */ 1795 family = isc_if.address.family; 1796 if (AF_INET != family && AF_INET6 != family) 1797 continue; 1798 if (AF_INET == family && !ipv4_works) 1799 continue; 1800 if (AF_INET6 == family && !ipv6_works) 1801 continue; 1802 1803 /* create prototype */ 1804 init_interface(&enumep); 1805 1806 convert_isc_if(&isc_if, &enumep, port); 1807 1808 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); 1809 1810 /* 1811 * Check if and how we are going to use the interface. 1812 */ 1813 switch (interface_action(enumep.name, &enumep.sin, 1814 enumep.flags)) { 1815 1816 case ACTION_IGNORE: 1817 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n", 1818 enumep.name, stoa(&enumep.sin))); 1819 continue; 1820 1821 case ACTION_LISTEN: 1822 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n", 1823 enumep.name, stoa(&enumep.sin))); 1824 enumep.ignore_packets = ISC_FALSE; 1825 break; 1826 1827 case ACTION_DROP: 1828 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n", 1829 enumep.name, stoa(&enumep.sin))); 1830 enumep.ignore_packets = ISC_TRUE; 1831 break; 1832 } 1833 1834 /* interfaces must be UP to be usable */ 1835 if (!(enumep.flags & INT_UP)) { 1836 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n", 1837 enumep.name, stoa(&enumep.sin))); 1838 continue; 1839 } 1840 1841 /* 1842 * skip any interfaces UP and bound to a wildcard 1843 * address - some dhcp clients produce that in the 1844 * wild 1845 */ 1846 if (is_wildcard_addr(&enumep.sin)) 1847 continue; 1848 1849 if (is_not_bindable(&enumep.sin, isc_if.name)) 1850 continue; 1851 1852 /* 1853 * skip any address that is an invalid state to be used 1854 */ 1855 if (!is_valid(&enumep.sin, isc_if.name)) 1856 continue; 1857 1858 /* 1859 * map to local *address* in order to map all duplicate 1860 * interfaces to an endpt structure with the appropriate 1861 * socket. Our name space is (ip-address), NOT 1862 * (interface name, ip-address). 1863 */ 1864 ep = getinterface(&enumep.sin, INT_WILDCARD); 1865 1866 if (ep != NULL && refresh_interface(ep)) { 1867 /* 1868 * found existing and up to date interface - 1869 * mark present. 1870 */ 1871 if (ep->phase != sys_interphase) { 1872 /* 1873 * On a new round we reset the name so 1874 * the interface name shows up again if 1875 * this address is no longer shared. 1876 * We reset ignore_packets from the 1877 * new prototype to respect any runtime 1878 * changes to the nic rules. 1879 */ 1880 strlcpy(ep->name, enumep.name, 1881 sizeof(ep->name)); 1882 ep->ignore_packets = 1883 enumep.ignore_packets; 1884 } else { 1885 /* name collision - rename interface */ 1886 strlcpy(ep->name, "*multiple*", 1887 sizeof(ep->name)); 1888 } 1889 1890 DPRINT_INTERFACE(4, (ep, "updating ", 1891 " present\n")); 1892 1893 if (ep->ignore_packets != 1894 enumep.ignore_packets) { 1895 /* 1896 * We have conflicting configurations 1897 * for the interface address. This is 1898 * caused by using -I <interfacename> 1899 * for an interface that shares its 1900 * address with other interfaces. We 1901 * can not disambiguate incoming 1902 * packets delivered to this socket 1903 * without extra syscalls/features. 1904 * These are not (commonly) available. 1905 * Note this is a more unusual 1906 * configuration where several 1907 * interfaces share an address but 1908 * filtering via interface name is 1909 * attempted. We resolve the 1910 * configuration conflict by disabling 1911 * the processing of received packets. 1912 * This leads to no service on the 1913 * interface address where the conflict 1914 * occurs. 1915 */ 1916 msyslog(LOG_ERR, 1917 "WARNING: conflicting enable configuration for interfaces %s and %s for address %s - unsupported configuration - address DISABLED", 1918 enumep.name, ep->name, 1919 stoa(&enumep.sin)); 1920 1921 ep->ignore_packets = ISC_TRUE; 1922 } 1923 1924 ep->phase = sys_interphase; 1925 1926 ifi.action = IFS_EXISTS; 1927 ifi.ep = ep; 1928 if (receiver != NULL) 1929 (*receiver)(data, &ifi); 1930 } else { 1931 /* 1932 * This is new or refreshing failed - add to 1933 * our interface list. If refreshing failed we 1934 * will delete the interface structure in phase 1935 * 2 as the interface was not marked current. 1936 * We can bind to the address as the refresh 1937 * code already closed the offending socket 1938 */ 1939 ep = create_interface(port, &enumep); 1940 1941 if (ep != NULL) { 1942 ifi.action = IFS_CREATED; 1943 ifi.ep = ep; 1944 if (receiver != NULL) 1945 (*receiver)(data, &ifi); 1946 1947 new_interface_found = TRUE; 1948 DPRINT_INTERFACE(3, 1949 (ep, "updating ", 1950 " new - created\n")); 1951 } else { 1952 DPRINT_INTERFACE(3, 1953 (&enumep, "updating ", 1954 " new - creation FAILED")); 1955 1956 msyslog(LOG_INFO, 1957 "failed to init interface for address %s", 1958 stoa(&enumep.sin)); 1959 continue; 1960 } 1961 } 1962 } 1963 1964 isc_interfaceiter_destroy(&iter); 1965 1966 /* 1967 * phase 2 - delete gone interfaces - reassigning peers to 1968 * other interfaces 1969 */ 1970 for (ep = ep_list; ep != NULL; ep = next_ep) { 1971 next_ep = ep->elink; 1972 1973 /* 1974 * if phase does not match sys_phase this interface was 1975 * not enumerated during the last interface scan - so it 1976 * is gone and will be deleted here unless it did not 1977 * originate from interface enumeration (INT_WILDCARD, 1978 * INT_MCASTIF). 1979 */ 1980 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) || 1981 ep->phase == sys_interphase) 1982 continue; 1983 1984 DPRINT_INTERFACE(3, (ep, "updating ", 1985 "GONE - deleting\n")); 1986 remove_interface(ep); 1987 1988 ifi.action = IFS_DELETED; 1989 ifi.ep = ep; 1990 if (receiver != NULL) 1991 (*receiver)(data, &ifi); 1992 1993 /* disconnect peers from deleted endpt. */ 1994 while (ep->peers != NULL) 1995 set_peerdstadr(ep->peers, NULL); 1996 1997 /* 1998 * update globals in case we lose 1999 * a loopback interface 2000 */ 2001 if (ep == loopback_interface) 2002 loopback_interface = NULL; 2003 2004 delete_interface(ep); 2005 } 2006 2007 /* 2008 * phase 3 - re-configure as the world has possibly changed 2009 * 2010 * never ever make this conditional again - it is needed to track 2011 * routing updates. see bug #2506 2012 */ 2013 refresh_all_peerinterfaces(); 2014 2015 if (broadcast_client_enabled) 2016 io_setbclient(); 2017 2018 if (sys_bclient) 2019 io_setbclient(); 2020 2021 return new_interface_found; 2022 } 2023 2024 2025 /* 2026 * create_sockets - create a socket for each interface plus a default 2027 * socket for when we don't know where to send 2028 */ 2029 static int 2030 create_sockets( 2031 u_short port 2032 ) 2033 { 2034 #ifndef HAVE_IO_COMPLETION_PORT 2035 /* 2036 * I/O Completion Ports don't care about the select and FD_SET 2037 */ 2038 maxactivefd = 0; 2039 FD_ZERO(&activefds); 2040 #endif 2041 2042 DPRINTF(2, ("create_sockets(%d)\n", port)); 2043 2044 create_wildcards(port); 2045 2046 update_interfaces(port, NULL, NULL); 2047 2048 /* 2049 * Now that we have opened all the sockets, turn off the reuse 2050 * flag for security. 2051 */ 2052 set_reuseaddr(0); 2053 2054 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces)); 2055 2056 return ninterfaces; 2057 } 2058 2059 /* 2060 * create_interface - create a new interface for a given prototype 2061 * binding the socket. 2062 */ 2063 static struct interface * 2064 create_interface( 2065 u_short port, 2066 struct interface * protot 2067 ) 2068 { 2069 sockaddr_u resmask; 2070 endpt * iface; 2071 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2072 remaddr_t * entry; 2073 remaddr_t * next_entry; 2074 #endif 2075 DPRINTF(2, ("create_interface(%s#%d)\n", stoa(&protot->sin), 2076 port)); 2077 2078 /* build an interface */ 2079 iface = new_interface(protot); 2080 2081 /* 2082 * create socket 2083 */ 2084 iface->fd = open_socket(&iface->sin, 0, 0, iface); 2085 2086 if (iface->fd != INVALID_SOCKET) 2087 log_listen_address(iface); 2088 2089 if ((INT_BROADCAST & iface->flags) 2090 && iface->bfd != INVALID_SOCKET) 2091 msyslog(LOG_INFO, "Listening on broadcast address %s#%d", 2092 stoa((&iface->bcast)), port); 2093 2094 if (INVALID_SOCKET == iface->fd 2095 && INVALID_SOCKET == iface->bfd) { 2096 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s#%d", 2097 iface->name, 2098 iface->ifnum, 2099 stoa((&iface->sin)), 2100 port); 2101 delete_interface(iface); 2102 return NULL; 2103 } 2104 2105 /* 2106 * Blacklist our own addresses, no use talking to ourself 2107 */ 2108 SET_HOSTMASK(&resmask, AF(&iface->sin)); 2109 hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, 2110 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); 2111 2112 /* 2113 * set globals with the first found 2114 * loopback interface of the appropriate class 2115 */ 2116 if (NULL == loopback_interface && AF_INET == iface->family 2117 && (INT_LOOPBACK & iface->flags)) 2118 loopback_interface = iface; 2119 2120 /* 2121 * put into our interface list 2122 */ 2123 add_addr_to_list(&iface->sin, iface); 2124 add_interface(iface); 2125 2126 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2127 /* 2128 * Join any previously-configured compatible multicast groups. 2129 */ 2130 if (INT_MULTICAST & iface->flags && 2131 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) && 2132 !iface->ignore_packets) { 2133 for (entry = remoteaddr_list; 2134 entry != NULL; 2135 entry = next_entry) { 2136 next_entry = entry->link; 2137 if (AF(&iface->sin) != AF(&entry->addr) || 2138 !IS_MCAST(&entry->addr)) 2139 continue; 2140 if (socket_multicast_enable(iface, 2141 &entry->addr)) 2142 msyslog(LOG_INFO, 2143 "Joined %s socket to multicast group %s", 2144 stoa(&iface->sin), 2145 stoa(&entry->addr)); 2146 else 2147 msyslog(LOG_ERR, 2148 "Failed to join %s socket to multicast group %s", 2149 stoa(&iface->sin), 2150 stoa(&entry->addr)); 2151 } 2152 } 2153 #endif /* MCAST && MCAST_NONEWSOCKET */ 2154 2155 DPRINT_INTERFACE(2, (iface, "created ", "\n")); 2156 return iface; 2157 } 2158 2159 2160 #ifdef SO_EXCLUSIVEADDRUSE 2161 static void 2162 set_excladdruse( 2163 SOCKET fd 2164 ) 2165 { 2166 int one = 1; 2167 int failed; 2168 #ifdef SYS_WINNT 2169 DWORD err; 2170 #endif 2171 2172 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 2173 (char *)&one, sizeof(one)); 2174 2175 if (!failed) 2176 return; 2177 2178 #ifdef SYS_WINNT 2179 /* 2180 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with 2181 * error WSAINVAL depending on service pack level and whether 2182 * the user account is in the Administrators group. Do not 2183 * complain if it fails that way on versions prior to XP (5.1). 2184 */ 2185 err = GetLastError(); 2186 2187 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */ 2188 && WSAEINVAL == err) 2189 return; 2190 2191 SetLastError(err); 2192 #endif 2193 msyslog(LOG_ERR, 2194 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m", 2195 (int)fd); 2196 } 2197 #endif /* SO_EXCLUSIVEADDRUSE */ 2198 2199 2200 /* 2201 * set_reuseaddr() - set/clear REUSEADDR on all sockets 2202 * NB possible hole - should we be doing this on broadcast 2203 * fd's also? 2204 */ 2205 static void 2206 set_reuseaddr( 2207 int flag 2208 ) 2209 { 2210 #ifndef SO_EXCLUSIVEADDRUSE 2211 endpt *ep; 2212 2213 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2214 if (ep->flags & INT_WILDCARD) 2215 continue; 2216 2217 /* 2218 * if ep->fd is INVALID_SOCKET, we might have a adapter 2219 * configured but not present 2220 */ 2221 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n", 2222 ep->name, stoa(&ep->sin), 2223 flag ? "on" : "off")); 2224 2225 if (ep->fd != INVALID_SOCKET) { 2226 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR, 2227 (char *)&flag, sizeof(flag))) { 2228 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m", 2229 stoa(&ep->sin), flag ? "on" : "off"); 2230 } 2231 } 2232 } 2233 #endif /* ! SO_EXCLUSIVEADDRUSE */ 2234 } 2235 2236 /* 2237 * This is just a wrapper around an internal function so we can 2238 * make other changes as necessary later on 2239 */ 2240 void 2241 enable_broadcast( 2242 struct interface * iface, 2243 sockaddr_u * baddr 2244 ) 2245 { 2246 #ifdef OPEN_BCAST_SOCKET 2247 socket_broadcast_enable(iface, iface->fd, baddr); 2248 #endif 2249 } 2250 2251 #ifdef OPEN_BCAST_SOCKET 2252 /* 2253 * Enable a broadcast address to a given socket 2254 * The socket is in the ep_list all we need to do is enable 2255 * broadcasting. It is not this function's job to select the socket 2256 */ 2257 static isc_boolean_t 2258 socket_broadcast_enable( 2259 struct interface * iface, 2260 SOCKET fd, 2261 sockaddr_u * baddr 2262 ) 2263 { 2264 #ifdef SO_BROADCAST 2265 int on = 1; 2266 2267 if (IS_IPV4(baddr)) { 2268 /* if this interface can support broadcast, set SO_BROADCAST */ 2269 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, 2270 (char *)&on, sizeof(on))) 2271 msyslog(LOG_ERR, 2272 "setsockopt(SO_BROADCAST) enable failure on address %s: %m", 2273 stoa(baddr)); 2274 else 2275 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n", 2276 fd, stoa(baddr))); 2277 } 2278 iface->flags |= INT_BCASTXMIT; 2279 return ISC_TRUE; 2280 #else 2281 return ISC_FALSE; 2282 #endif /* SO_BROADCAST */ 2283 } 2284 2285 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 2286 /* 2287 * Remove a broadcast address from a given socket 2288 * The socket is in the ep_list all we need to do is disable 2289 * broadcasting. It is not this function's job to select the socket 2290 */ 2291 static isc_boolean_t 2292 socket_broadcast_disable( 2293 struct interface * iface, 2294 sockaddr_u * baddr 2295 ) 2296 { 2297 #ifdef SO_BROADCAST 2298 int off = 0; /* This seems to be OK as an int */ 2299 2300 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET, 2301 SO_BROADCAST, (char *)&off, sizeof(off))) 2302 msyslog(LOG_ERR, 2303 "setsockopt(SO_BROADCAST) disable failure on address %s: %m", 2304 stoa(baddr)); 2305 2306 iface->flags &= ~INT_BCASTXMIT; 2307 return ISC_TRUE; 2308 #else 2309 return ISC_FALSE; 2310 #endif /* SO_BROADCAST */ 2311 } 2312 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 2313 2314 #endif /* OPEN_BCAST_SOCKET */ 2315 2316 /* 2317 * return the broadcast client flag value 2318 */ 2319 isc_boolean_t 2320 get_broadcastclient_flag(void) 2321 { 2322 return (broadcast_client_enabled); 2323 } 2324 /* 2325 * Check to see if the address is a multicast address 2326 */ 2327 static isc_boolean_t 2328 addr_ismulticast( 2329 sockaddr_u *maddr 2330 ) 2331 { 2332 isc_boolean_t result; 2333 2334 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 2335 /* 2336 * If we don't have IPV6 support any IPV6 addr is not multicast 2337 */ 2338 if (IS_IPV6(maddr)) 2339 result = ISC_FALSE; 2340 else 2341 #endif 2342 result = IS_MCAST(maddr); 2343 2344 if (!result) 2345 DPRINTF(4, ("address %s is not multicast\n", 2346 stoa(maddr))); 2347 2348 return result; 2349 } 2350 2351 /* 2352 * Multicast servers need to set the appropriate Multicast interface 2353 * socket option in order for it to know which interface to use for 2354 * send the multicast packet. 2355 */ 2356 void 2357 enable_multicast_if( 2358 struct interface * iface, 2359 sockaddr_u * maddr 2360 ) 2361 { 2362 #ifdef MCAST 2363 #ifdef IP_MULTICAST_LOOP 2364 TYPEOF_IP_MULTICAST_LOOP off = 0; 2365 #endif 2366 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP) 2367 u_int off6 = 0; 2368 #endif 2369 2370 NTP_REQUIRE(AF(maddr) == AF(&iface->sin)); 2371 2372 switch (AF(&iface->sin)) { 2373 2374 case AF_INET: 2375 #ifdef IP_MULTICAST_LOOP 2376 /* 2377 * Don't send back to itself, but allow failure to set 2378 */ 2379 if (setsockopt(iface->fd, IPPROTO_IP, 2380 IP_MULTICAST_LOOP, 2381 SETSOCKOPT_ARG_CAST &off, 2382 sizeof(off))) { 2383 2384 msyslog(LOG_ERR, 2385 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2386 iface->fd, stoa(&iface->sin), 2387 stoa(maddr)); 2388 } 2389 #endif 2390 break; 2391 2392 case AF_INET6: 2393 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2394 #ifdef IPV6_MULTICAST_LOOP 2395 /* 2396 * Don't send back to itself, but allow failure to set 2397 */ 2398 if (setsockopt(iface->fd, IPPROTO_IPV6, 2399 IPV6_MULTICAST_LOOP, 2400 (char *) &off6, sizeof(off6))) { 2401 2402 msyslog(LOG_ERR, 2403 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2404 iface->fd, stoa(&iface->sin), 2405 stoa(maddr)); 2406 } 2407 #endif 2408 break; 2409 #else 2410 return; 2411 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2412 } 2413 return; 2414 #endif 2415 } 2416 2417 /* 2418 * Add a multicast address to a given socket 2419 * The socket is in the ep_list all we need to do is enable 2420 * multicasting. It is not this function's job to select the socket 2421 */ 2422 #if defined(MCAST) 2423 static isc_boolean_t 2424 socket_multicast_enable( 2425 endpt * iface, 2426 sockaddr_u * maddr 2427 ) 2428 { 2429 struct ip_mreq mreq; 2430 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2431 struct ipv6_mreq mreq6; 2432 #endif 2433 switch (AF(maddr)) { 2434 2435 case AF_INET: 2436 ZERO(mreq); 2437 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2438 mreq.imr_interface.s_addr = htonl(INADDR_ANY); 2439 if (setsockopt(iface->fd, 2440 IPPROTO_IP, 2441 IP_ADD_MEMBERSHIP, 2442 (char *)&mreq, 2443 sizeof(mreq))) { 2444 msyslog(LOG_ERR, 2445 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2446 iface->fd, stoa(&iface->sin), 2447 mreq.imr_multiaddr.s_addr, 2448 mreq.imr_interface.s_addr, 2449 stoa(maddr)); 2450 return ISC_FALSE; 2451 } 2452 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n", 2453 iface->fd, stoa(&iface->sin), 2454 mreq.imr_multiaddr.s_addr, 2455 mreq.imr_interface.s_addr, stoa(maddr))); 2456 break; 2457 2458 case AF_INET6: 2459 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2460 /* 2461 * Enable reception of multicast packets. 2462 * If the address is link-local we can get the 2463 * interface index from the scope id. Don't do this 2464 * for other types of multicast addresses. For now let 2465 * the kernel figure it out. 2466 */ 2467 ZERO(mreq6); 2468 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2469 mreq6.ipv6mr_interface = iface->ifindex; 2470 2471 if (setsockopt(iface->fd, IPPROTO_IPV6, 2472 IPV6_JOIN_GROUP, (char *)&mreq6, 2473 sizeof(mreq6))) { 2474 msyslog(LOG_ERR, 2475 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)", 2476 iface->fd, stoa(&iface->sin), 2477 mreq6.ipv6mr_interface, stoa(maddr)); 2478 return ISC_FALSE; 2479 } 2480 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n", 2481 iface->fd, stoa(&iface->sin), 2482 mreq6.ipv6mr_interface, stoa(maddr))); 2483 #else 2484 return ISC_FALSE; 2485 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2486 } 2487 iface->flags |= INT_MCASTOPEN; 2488 iface->num_mcast++; 2489 2490 return ISC_TRUE; 2491 } 2492 #endif /* MCAST */ 2493 2494 2495 /* 2496 * Remove a multicast address from a given socket 2497 * The socket is in the ep_list all we need to do is disable 2498 * multicasting. It is not this function's job to select the socket 2499 */ 2500 #ifdef MCAST 2501 static isc_boolean_t 2502 socket_multicast_disable( 2503 struct interface * iface, 2504 sockaddr_u * maddr 2505 ) 2506 { 2507 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2508 struct ipv6_mreq mreq6; 2509 #endif 2510 struct ip_mreq mreq; 2511 2512 ZERO(mreq); 2513 2514 if (find_addr_in_list(maddr) == NULL) { 2515 DPRINTF(4, ("socket_multicast_disable(%s): not found\n", 2516 stoa(maddr))); 2517 return ISC_TRUE; 2518 } 2519 2520 switch (AF(maddr)) { 2521 2522 case AF_INET: 2523 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2524 mreq.imr_interface = SOCK_ADDR4(&iface->sin); 2525 if (setsockopt(iface->fd, IPPROTO_IP, 2526 IP_DROP_MEMBERSHIP, (char *)&mreq, 2527 sizeof(mreq))) { 2528 2529 msyslog(LOG_ERR, 2530 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2531 iface->fd, stoa(&iface->sin), 2532 SRCADR(maddr), SRCADR(&iface->sin), 2533 stoa(maddr)); 2534 return ISC_FALSE; 2535 } 2536 break; 2537 case AF_INET6: 2538 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2539 /* 2540 * Disable reception of multicast packets 2541 * If the address is link-local we can get the 2542 * interface index from the scope id. Don't do this 2543 * for other types of multicast addresses. For now let 2544 * the kernel figure it out. 2545 */ 2546 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2547 mreq6.ipv6mr_interface = iface->ifindex; 2548 2549 if (setsockopt(iface->fd, IPPROTO_IPV6, 2550 IPV6_LEAVE_GROUP, (char *)&mreq6, 2551 sizeof(mreq6))) { 2552 2553 msyslog(LOG_ERR, 2554 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)", 2555 iface->fd, stoa(&iface->sin), 2556 iface->ifindex, stoa(maddr)); 2557 return ISC_FALSE; 2558 } 2559 break; 2560 #else 2561 return ISC_FALSE; 2562 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2563 } 2564 2565 iface->num_mcast--; 2566 if (!iface->num_mcast) 2567 iface->flags &= ~INT_MCASTOPEN; 2568 2569 return ISC_TRUE; 2570 } 2571 #endif /* MCAST */ 2572 2573 /* 2574 * io_setbclient - open the broadcast client sockets 2575 */ 2576 void 2577 io_setbclient(void) 2578 { 2579 #ifdef OPEN_BCAST_SOCKET 2580 struct interface * interf; 2581 int nif; 2582 2583 nif = 0; 2584 set_reuseaddr(1); 2585 2586 for (interf = ep_list; 2587 interf != NULL; 2588 interf = interf->elink) { 2589 2590 if (interf->flags & (INT_WILDCARD | INT_LOOPBACK)) 2591 continue; 2592 2593 /* use only allowed addresses */ 2594 if (interf->ignore_packets) 2595 continue; 2596 2597 /* Need a broadcast-capable interface */ 2598 if (!(interf->flags & INT_BROADCAST)) 2599 continue; 2600 2601 /* Only IPv4 addresses are valid for broadcast */ 2602 NTP_REQUIRE(IS_IPV4(&interf->sin)); 2603 2604 /* Do we already have the broadcast address open? */ 2605 if (interf->flags & INT_BCASTOPEN) { 2606 /* 2607 * account for already open interfaces to avoid 2608 * misleading warning below 2609 */ 2610 nif++; 2611 continue; 2612 } 2613 2614 /* 2615 * Try to open the broadcast address 2616 */ 2617 interf->family = AF_INET; 2618 interf->bfd = open_socket(&interf->bcast, 1, 0, interf); 2619 2620 /* 2621 * If we succeeded then we use it otherwise enable 2622 * broadcast on the interface address 2623 */ 2624 if (interf->bfd != INVALID_SOCKET) { 2625 nif++; 2626 interf->flags |= INT_BCASTOPEN; 2627 msyslog(LOG_INFO, 2628 "Listen for broadcasts to %s on interface #%d %s", 2629 stoa(&interf->bcast), interf->ifnum, interf->name); 2630 } else { 2631 /* silently ignore EADDRINUSE as we probably opened 2632 the socket already for an address in the same network */ 2633 if (errno != EADDRINUSE) 2634 msyslog(LOG_INFO, 2635 "failed to listen for broadcasts to %s on interface #%d %s", 2636 stoa(&interf->bcast), interf->ifnum, interf->name); 2637 } 2638 } 2639 set_reuseaddr(0); 2640 if (nif > 0) { 2641 broadcast_client_enabled = ISC_TRUE; 2642 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif)); 2643 } 2644 else if (!nif) { 2645 broadcast_client_enabled = ISC_FALSE; 2646 msyslog(LOG_ERR, 2647 "Unable to listen for broadcasts, no broadcast interfaces available"); 2648 } 2649 #else 2650 msyslog(LOG_ERR, 2651 "io_setbclient: Broadcast Client disabled by build"); 2652 #endif /* OPEN_BCAST_SOCKET */ 2653 } 2654 2655 /* 2656 * io_unsetbclient - close the broadcast client sockets 2657 */ 2658 void 2659 io_unsetbclient(void) 2660 { 2661 endpt *ep; 2662 2663 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2664 if (INT_WILDCARD & ep->flags) 2665 continue; 2666 if (!(INT_BCASTOPEN & ep->flags)) 2667 continue; 2668 2669 if (ep->bfd != INVALID_SOCKET) { 2670 /* destroy broadcast listening socket */ 2671 msyslog(LOG_INFO, 2672 "stop listening for broadcasts to %s on interface #%d %s", 2673 stoa(&ep->bcast), ep->ifnum, ep->name); 2674 close_and_delete_fd_from_list(ep->bfd); 2675 ep->bfd = INVALID_SOCKET; 2676 ep->flags &= ~INT_BCASTOPEN; 2677 } 2678 } 2679 broadcast_client_enabled = ISC_FALSE; 2680 } 2681 2682 /* 2683 * io_multicast_add() - add multicast group address 2684 */ 2685 void 2686 io_multicast_add( 2687 sockaddr_u *addr 2688 ) 2689 { 2690 #ifdef MCAST 2691 endpt * ep; 2692 endpt * one_ep; 2693 2694 /* 2695 * Check to see if this is a multicast address 2696 */ 2697 if (!addr_ismulticast(addr)) 2698 return; 2699 2700 /* If we already have it we can just return */ 2701 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) { 2702 msyslog(LOG_INFO, 2703 "Duplicate request found for multicast address %s", 2704 stoa(addr)); 2705 return; 2706 } 2707 2708 #ifndef MULTICAST_NONEWSOCKET 2709 ep = new_interface(NULL); 2710 2711 /* 2712 * Open a new socket for the multicast address 2713 */ 2714 ep->sin = *addr; 2715 SET_PORT(&ep->sin, NTP_PORT); 2716 ep->family = AF(&ep->sin); 2717 AF(&ep->mask) = ep->family; 2718 SET_ONESMASK(&ep->mask); 2719 2720 set_reuseaddr(1); 2721 ep->bfd = INVALID_SOCKET; 2722 ep->fd = open_socket(&ep->sin, 0, 0, ep); 2723 if (ep->fd != INVALID_SOCKET) { 2724 ep->ignore_packets = ISC_FALSE; 2725 ep->flags |= INT_MCASTIF; 2726 2727 strlcpy(ep->name, "multicast", sizeof(ep->name)); 2728 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n")); 2729 add_interface(ep); 2730 log_listen_address(ep); 2731 } else { 2732 /* bind failed, re-use wildcard interface */ 2733 delete_interface(ep); 2734 2735 if (IS_IPV4(addr)) 2736 ep = wildipv4; 2737 else if (IS_IPV6(addr)) 2738 ep = wildipv6; 2739 else 2740 ep = NULL; 2741 2742 if (ep != NULL) { 2743 /* HACK ! -- stuff in an address */ 2744 /* because we don't bind addr? DH */ 2745 ep->bcast = *addr; 2746 msyslog(LOG_ERR, 2747 "multicast address %s using wildcard interface #%d %s", 2748 stoa(addr), ep->ifnum, ep->name); 2749 } else { 2750 msyslog(LOG_ERR, 2751 "No multicast socket available to use for address %s", 2752 stoa(addr)); 2753 return; 2754 } 2755 } 2756 { /* in place of the { following for in #else clause */ 2757 one_ep = ep; 2758 #else /* MULTICAST_NONEWSOCKET follows */ 2759 /* 2760 * For the case where we can't use a separate socket (Windows) 2761 * join each applicable endpoint socket to the group address. 2762 */ 2763 if (IS_IPV4(addr)) 2764 one_ep = wildipv4; 2765 else 2766 one_ep = wildipv6; 2767 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2768 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) || 2769 !(INT_MULTICAST & ep->flags) || 2770 (INT_LOOPBACK | INT_WILDCARD) & ep->flags) 2771 continue; 2772 one_ep = ep; 2773 #endif /* MULTICAST_NONEWSOCKET */ 2774 if (socket_multicast_enable(ep, addr)) 2775 msyslog(LOG_INFO, 2776 "Joined %s socket to multicast group %s", 2777 stoa(&ep->sin), 2778 stoa(addr)); 2779 else 2780 msyslog(LOG_ERR, 2781 "Failed to join %s socket to multicast group %s", 2782 stoa(&ep->sin), 2783 stoa(addr)); 2784 } 2785 2786 add_addr_to_list(addr, one_ep); 2787 #else /* !MCAST follows*/ 2788 msyslog(LOG_ERR, 2789 "Can not add multicast address %s: no multicast support", 2790 stoa(addr)); 2791 #endif 2792 return; 2793 } 2794 2795 2796 /* 2797 * io_multicast_del() - delete multicast group address 2798 */ 2799 void 2800 io_multicast_del( 2801 sockaddr_u * addr 2802 ) 2803 { 2804 #ifdef MCAST 2805 endpt *iface; 2806 2807 /* 2808 * Check to see if this is a multicast address 2809 */ 2810 if (!addr_ismulticast(addr)) { 2811 msyslog(LOG_ERR, "invalid multicast address %s", 2812 stoa(addr)); 2813 return; 2814 } 2815 2816 /* 2817 * Disable reception of multicast packets 2818 */ 2819 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN)) 2820 != NULL) 2821 socket_multicast_disable(iface, addr); 2822 2823 delete_addr_from_list(addr); 2824 2825 #else /* not MCAST */ 2826 msyslog(LOG_ERR, 2827 "Can not delete multicast address %s: no multicast support", 2828 stoa(addr)); 2829 #endif /* not MCAST */ 2830 } 2831 2832 2833 /* 2834 * open_socket - open a socket, returning the file descriptor 2835 */ 2836 2837 static SOCKET 2838 open_socket( 2839 sockaddr_u * addr, 2840 int bcast, 2841 int turn_off_reuse, 2842 endpt * interf 2843 ) 2844 { 2845 SOCKET fd; 2846 int errval; 2847 /* 2848 * int is OK for REUSEADR per 2849 * http://www.kohala.com/start/mcast.api.txt 2850 */ 2851 int on = 1; 2852 int off = 0; 2853 2854 #ifndef IPTOS_DSCP_EF 2855 #define IPTOS_DSCP_EF 0xb8 2856 #endif 2857 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */ 2858 2859 if (IS_IPV6(addr) && !ipv6_works) 2860 return INVALID_SOCKET; 2861 2862 /* create a datagram (UDP) socket */ 2863 fd = socket(AF(addr), SOCK_DGRAM, 0); 2864 if (INVALID_SOCKET == fd) { 2865 errval = socket_errno(); 2866 msyslog(LOG_ERR, 2867 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m", 2868 IS_IPV6(addr) ? "6" : "", stoa(addr)); 2869 2870 if (errval == EPROTONOSUPPORT || 2871 errval == EAFNOSUPPORT || 2872 errval == EPFNOSUPPORT) 2873 return (INVALID_SOCKET); 2874 2875 errno = errval; 2876 msyslog(LOG_ERR, 2877 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting", 2878 errno); 2879 exit(1); 2880 } 2881 2882 #ifdef SYS_WINNT 2883 connection_reset_fix(fd, addr); 2884 #endif 2885 /* 2886 * Fixup the file descriptor for some systems 2887 * See bug #530 for details of the issue. 2888 */ 2889 fd = move_fd(fd); 2890 2891 /* 2892 * set SO_REUSEADDR since we will be binding the same port 2893 * number on each interface according to turn_off_reuse. 2894 * This is undesirable on Windows versions starting with 2895 * Windows XP (numeric version 5.1). 2896 */ 2897 #ifdef SYS_WINNT 2898 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */ 2899 #endif 2900 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 2901 (char *)((turn_off_reuse) 2902 ? &off 2903 : &on), 2904 sizeof(on))) { 2905 2906 msyslog(LOG_ERR, 2907 "setsockopt SO_REUSEADDR %s fails for address %s: %m", 2908 (turn_off_reuse) 2909 ? "off" 2910 : "on", 2911 stoa(addr)); 2912 closesocket(fd); 2913 return INVALID_SOCKET; 2914 } 2915 #ifdef SO_EXCLUSIVEADDRUSE 2916 /* 2917 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open 2918 * first will cause more specific binds to fail. 2919 */ 2920 if (!(interf->flags & INT_WILDCARD)) 2921 set_excladdruse(fd); 2922 #endif 2923 2924 /* 2925 * IPv4 specific options go here 2926 */ 2927 if (IS_IPV4(addr)) { 2928 #if defined(IPPROTO_IP) && defined(IP_TOS) 2929 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (char*)&qos, 2930 sizeof(qos))) 2931 msyslog(LOG_ERR, 2932 "setsockopt IP_TOS (%02x) fails on address %s: %m", 2933 qos, stoa(addr)); 2934 #endif /* IPPROTO_IP && IP_TOS */ 2935 if (bcast) 2936 socket_broadcast_enable(interf, fd, addr); 2937 } 2938 2939 /* 2940 * IPv6 specific options go here 2941 */ 2942 if (IS_IPV6(addr)) { 2943 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) 2944 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (char*)&qos, 2945 sizeof(qos))) 2946 msyslog(LOG_ERR, 2947 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m", 2948 qos, stoa(addr)); 2949 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */ 2950 #ifdef IPV6_V6ONLY 2951 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS 2952 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, 2953 (char*)&on, sizeof(on))) 2954 msyslog(LOG_ERR, 2955 "setsockopt IPV6_V6ONLY on fails on address %s: %m", 2956 stoa(addr)); 2957 #endif 2958 #ifdef IPV6_BINDV6ONLY 2959 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY, 2960 (char*)&on, sizeof(on))) 2961 msyslog(LOG_ERR, 2962 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m", 2963 stoa(addr)); 2964 #endif 2965 } 2966 2967 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 2968 /* 2969 * some OSes don't allow binding to more specific 2970 * addresses if a wildcard address already bound 2971 * to the port and SO_REUSEADDR is not set 2972 */ 2973 if (!is_wildcard_addr(addr)) 2974 set_wildcard_reuse(AF(addr), 1); 2975 #endif 2976 2977 /* 2978 * bind the local address. 2979 */ 2980 errval = bind(fd, &addr->sa, SOCKLEN(addr)); 2981 2982 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 2983 if (!is_wildcard_addr(addr)) 2984 set_wildcard_reuse(AF(addr), 0); 2985 #endif 2986 2987 if (errval < 0) { 2988 /* 2989 * Don't log this under all conditions 2990 */ 2991 if (turn_off_reuse == 0 2992 #ifdef DEBUG 2993 || debug > 1 2994 #endif 2995 ) { 2996 msyslog(LOG_ERR, 2997 "bind(%d) AF_INET%s %s#%d%s flags 0x%x failed: %m", 2998 fd, IS_IPV6(addr) ? "6" : "", 2999 stoa(addr), SRCPORT(addr), 3000 IS_MCAST(addr) ? " (multicast)" : "", 3001 interf->flags); 3002 } 3003 3004 closesocket(fd); 3005 3006 return INVALID_SOCKET; 3007 } 3008 3009 #ifdef HAVE_TIMESTAMP 3010 { 3011 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, 3012 (char*)&on, sizeof(on))) 3013 msyslog(LOG_DEBUG, 3014 "setsockopt SO_TIMESTAMP on fails on address %s: %m", 3015 stoa(addr)); 3016 else 3017 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n", 3018 fd, stoa(addr))); 3019 } 3020 #endif 3021 #ifdef HAVE_TIMESTAMPNS 3022 { 3023 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, 3024 (char*)&on, sizeof(on))) 3025 msyslog(LOG_DEBUG, 3026 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m", 3027 stoa(addr)); 3028 else 3029 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n", 3030 fd, stoa(addr))); 3031 } 3032 #endif 3033 #ifdef HAVE_BINTIME 3034 { 3035 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME, 3036 (char*)&on, sizeof(on))) 3037 msyslog(LOG_DEBUG, 3038 "setsockopt SO_BINTIME on fails on address %s: %m", 3039 stoa(addr)); 3040 else 3041 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n", 3042 fd, stoa(addr))); 3043 } 3044 #endif 3045 3046 DPRINTF(4, ("bind(%d) AF_INET%s, addr %s%%%d#%d, flags 0x%x\n", 3047 fd, IS_IPV6(addr) ? "6" : "", stoa(addr), 3048 SCOPE(addr), SRCPORT(addr), interf->flags)); 3049 3050 make_socket_nonblocking(fd); 3051 3052 #ifdef HAVE_SIGNALED_IO 3053 init_socket_sig(fd); 3054 #endif /* not HAVE_SIGNALED_IO */ 3055 3056 add_fd_to_list(fd, FD_TYPE_SOCKET); 3057 3058 #if !defined(SYS_WINNT) && !defined(VMS) 3059 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd, 3060 fcntl(fd, F_GETFL, 0))); 3061 #endif /* SYS_WINNT || VMS */ 3062 3063 #if defined (HAVE_IO_COMPLETION_PORT) 3064 /* 3065 * Add the socket to the completion port 3066 */ 3067 if (io_completion_port_add_socket(fd, interf)) { 3068 msyslog(LOG_ERR, "unable to set up io completion port - EXITING"); 3069 exit(1); 3070 } 3071 #endif 3072 return fd; 3073 } 3074 3075 3076 #ifdef SYS_WINNT 3077 #define sendto(fd, buf, len, flags, dest, destsz) \ 3078 io_completion_port_sendto(fd, buf, len, (sockaddr_u *)(dest)) 3079 #endif 3080 3081 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */ 3082 /* 3083 * sendpkt - send a packet to the specified destination. Maintain a 3084 * send error cache so that only the first consecutive error for a 3085 * destination is logged. 3086 */ 3087 void 3088 sendpkt( 3089 sockaddr_u * dest, 3090 struct interface * ep, 3091 int ttl, 3092 struct pkt * pkt, 3093 int len 3094 ) 3095 { 3096 endpt * src; 3097 int ismcast; 3098 int cc; 3099 int rc; 3100 u_char cttl; 3101 3102 ismcast = IS_MCAST(dest); 3103 if (!ismcast) 3104 src = ep; 3105 else 3106 src = (IS_IPV4(dest)) 3107 ? mc4_list 3108 : mc6_list; 3109 3110 if (NULL == src) { 3111 /* 3112 * unbound peer - drop request and wait for better 3113 * network conditions 3114 */ 3115 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n", 3116 ismcast ? "\tMCAST\t***** " : "", 3117 stoa(dest), ttl, len)); 3118 return; 3119 } 3120 3121 do { 3122 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n", 3123 ismcast ? "\tMCAST\t***** " : "", src->fd, 3124 stoa(dest), stoa(&src->sin), ttl, len)); 3125 #ifdef MCAST 3126 /* 3127 * for the moment we use the bcast option to set multicast ttl 3128 */ 3129 if (ismcast && ttl > 0 && ttl != src->last_ttl) { 3130 /* 3131 * set the multicast ttl for outgoing packets 3132 */ 3133 switch (AF(&src->sin)) { 3134 3135 case AF_INET : 3136 cttl = (u_char)ttl; 3137 rc = setsockopt(src->fd, IPPROTO_IP, 3138 IP_MULTICAST_TTL, 3139 (void *)&cttl, 3140 sizeof(cttl)); 3141 break; 3142 3143 # ifdef INCLUDE_IPV6_SUPPORT 3144 case AF_INET6 : 3145 rc = setsockopt(src->fd, IPPROTO_IPV6, 3146 IPV6_MULTICAST_HOPS, 3147 (void *)&ttl, 3148 sizeof(ttl)); 3149 break; 3150 # endif /* INCLUDE_IPV6_SUPPORT */ 3151 3152 default: 3153 rc = 0; 3154 } 3155 3156 if (!rc) 3157 src->last_ttl = ttl; 3158 else 3159 msyslog(LOG_ERR, 3160 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m", 3161 stoa(&src->sin)); 3162 } 3163 #endif /* MCAST */ 3164 3165 #ifdef SIM 3166 cc = simulate_server(dest, src, pkt); 3167 #else 3168 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0, 3169 &dest->sa, SOCKLEN(dest)); 3170 #endif 3171 if (cc == -1) { 3172 src->notsent++; 3173 packets_notsent++; 3174 } else { 3175 src->sent++; 3176 packets_sent++; 3177 } 3178 if (ismcast) 3179 src = src->mclink; 3180 } while (ismcast && src != NULL); 3181 } 3182 3183 3184 #if !defined(HAVE_IO_COMPLETION_PORT) 3185 /* 3186 * fdbits - generate ascii representation of fd_set (FAU debug support) 3187 * HFDF format - highest fd first. 3188 */ 3189 static char * 3190 fdbits( 3191 int count, 3192 fd_set *set 3193 ) 3194 { 3195 static char buffer[256]; 3196 char * buf = buffer; 3197 3198 count = min(count, 255); 3199 3200 while (count >= 0) { 3201 *buf++ = FD_ISSET(count, set) ? '#' : '-'; 3202 count--; 3203 } 3204 *buf = '\0'; 3205 3206 return buffer; 3207 } 3208 3209 3210 #ifdef REFCLOCK 3211 /* 3212 * Routine to read the refclock packets for a specific interface 3213 * Return the number of bytes read. That way we know if we should 3214 * read it again or go on to the next one if no bytes returned 3215 */ 3216 static inline int 3217 read_refclock_packet( 3218 SOCKET fd, 3219 struct refclockio * rp, 3220 l_fp ts 3221 ) 3222 { 3223 int i; 3224 int buflen; 3225 int saved_errno; 3226 int consumed; 3227 struct recvbuf * rb; 3228 3229 rb = get_free_recv_buffer(); 3230 3231 if (NULL == rb) { 3232 /* 3233 * No buffer space available - just drop the packet 3234 */ 3235 char buf[RX_BUFF_SIZE]; 3236 3237 buflen = read(fd, buf, sizeof buf); 3238 packets_dropped++; 3239 return (buflen); 3240 } 3241 3242 i = (rp->datalen == 0 3243 || rp->datalen > (int)sizeof(rb->recv_space)) 3244 ? (int)sizeof(rb->recv_space) 3245 : rp->datalen; 3246 do { 3247 buflen = read(fd, (char *)&rb->recv_space, (u_int)i); 3248 } while (buflen < 0 && EINTR == errno); 3249 3250 if (buflen <= 0) { 3251 saved_errno = errno; 3252 freerecvbuf(rb); 3253 errno = saved_errno; 3254 return buflen; 3255 } 3256 3257 /* 3258 * Got one. Mark how and when it got here, 3259 * put it on the full list and do bookkeeping. 3260 */ 3261 rb->recv_length = buflen; 3262 rb->recv_peer = rp->srcclock; 3263 rb->dstadr = 0; 3264 rb->fd = fd; 3265 rb->recv_time = ts; 3266 rb->receiver = rp->clock_recv; 3267 3268 consumed = indicate_refclock_packet(rp, rb); 3269 if (!consumed) { 3270 rp->recvcount++; 3271 packets_received++; 3272 } 3273 3274 return buflen; 3275 } 3276 #endif /* REFCLOCK */ 3277 3278 3279 #ifdef HAVE_PACKET_TIMESTAMP 3280 /* 3281 * extract timestamps from control message buffer 3282 */ 3283 static l_fp 3284 fetch_timestamp( 3285 struct recvbuf * rb, 3286 struct msghdr * msghdr, 3287 l_fp ts 3288 ) 3289 { 3290 struct cmsghdr * cmsghdr; 3291 #ifdef HAVE_BINTIME 3292 struct bintime * btp; 3293 #endif 3294 #ifdef HAVE_TIMESTAMPNS 3295 struct timespec * tsp; 3296 #endif 3297 #ifdef HAVE_TIMESTAMP 3298 struct timeval * tvp; 3299 #endif 3300 unsigned long ticks; 3301 double fuzz; 3302 l_fp lfpfuzz; 3303 l_fp nts; 3304 #ifdef DEBUG_TIMING 3305 l_fp dts; 3306 #endif 3307 3308 cmsghdr = CMSG_FIRSTHDR(msghdr); 3309 while (cmsghdr != NULL) { 3310 switch (cmsghdr->cmsg_type) 3311 { 3312 #ifdef HAVE_BINTIME 3313 case SCM_BINTIME: 3314 #endif /* HAVE_BINTIME */ 3315 #ifdef HAVE_TIMESTAMPNS 3316 case SCM_TIMESTAMPNS: 3317 #endif /* HAVE_TIMESTAMPNS */ 3318 #ifdef HAVE_TIMESTAMP 3319 case SCM_TIMESTAMP: 3320 #endif /* HAVE_TIMESTAMP */ 3321 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP) 3322 switch (cmsghdr->cmsg_type) 3323 { 3324 #ifdef HAVE_BINTIME 3325 case SCM_BINTIME: 3326 btp = (struct bintime *)CMSG_DATA(cmsghdr); 3327 /* 3328 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf 3329 */ 3330 nts.l_i = btp->sec + JAN_1970; 3331 nts.l_uf = (u_int32)(btp->frac >> 32); 3332 if (sys_tick > measured_tick && 3333 sys_tick > 1e-9) { 3334 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC)); 3335 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC)); 3336 } 3337 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n", 3338 btp->sec, (unsigned long)((nts.l_uf / FRAC) * 1e9))); 3339 break; 3340 #endif /* HAVE_BINTIME */ 3341 #ifdef HAVE_TIMESTAMPNS 3342 case SCM_TIMESTAMPNS: 3343 tsp = (struct timespec *)CMSG_DATA(cmsghdr); 3344 if (sys_tick > measured_tick && 3345 sys_tick > 1e-9) { 3346 ticks = (unsigned long)((tsp->tv_nsec * 1e-9) / 3347 sys_tick); 3348 tsp->tv_nsec = (long)(ticks * 1e9 * 3349 sys_tick); 3350 } 3351 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n", 3352 tsp->tv_sec, tsp->tv_nsec)); 3353 nts = tspec_stamp_to_lfp(*tsp); 3354 break; 3355 #endif /* HAVE_TIMESTAMPNS */ 3356 #ifdef HAVE_TIMESTAMP 3357 case SCM_TIMESTAMP: 3358 tvp = (struct timeval *)CMSG_DATA(cmsghdr); 3359 if (sys_tick > measured_tick && 3360 sys_tick > 1e-6) { 3361 ticks = (unsigned long)((tvp->tv_usec * 1e-6) / 3362 sys_tick); 3363 tvp->tv_usec = (long)(ticks * 1e6 * 3364 sys_tick); 3365 } 3366 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n", 3367 (intmax_t)tvp->tv_sec, (long)tvp->tv_usec)); 3368 nts = tval_stamp_to_lfp(*tvp); 3369 break; 3370 #endif /* HAVE_TIMESTAMP */ 3371 } 3372 fuzz = ntp_random() * 2. / FRAC * sys_fuzz; 3373 DTOLFP(fuzz, &lfpfuzz); 3374 L_ADD(&nts, &lfpfuzz); 3375 #ifdef DEBUG_TIMING 3376 dts = ts; 3377 L_SUB(&dts, &nts); 3378 collect_timing(rb, "input processing delay", 1, 3379 &dts); 3380 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n", 3381 lfptoa(&dts, 9))); 3382 #endif /* DEBUG_TIMING */ 3383 ts = nts; /* network time stamp */ 3384 break; 3385 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */ 3386 3387 default: 3388 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n", 3389 cmsghdr->cmsg_type)); 3390 } 3391 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr); 3392 } 3393 return ts; 3394 } 3395 #endif /* HAVE_PACKET_TIMESTAMP */ 3396 3397 3398 /* 3399 * Routine to read the network NTP packets for a specific interface 3400 * Return the number of bytes read. That way we know if we should 3401 * read it again or go on to the next one if no bytes returned 3402 */ 3403 static inline int 3404 read_network_packet( 3405 SOCKET fd, 3406 struct interface * itf, 3407 l_fp ts 3408 ) 3409 { 3410 GETSOCKNAME_SOCKLEN_TYPE fromlen; 3411 int buflen; 3412 register struct recvbuf *rb; 3413 #ifdef HAVE_PACKET_TIMESTAMP 3414 struct msghdr msghdr; 3415 struct iovec iovec; 3416 char control[CMSG_BUFSIZE]; 3417 #endif 3418 3419 /* 3420 * Get a buffer and read the frame. If we 3421 * haven't got a buffer, or this is received 3422 * on a disallowed socket, just dump the 3423 * packet. 3424 */ 3425 3426 rb = get_free_recv_buffer(); 3427 if (NULL == rb || itf->ignore_packets) { 3428 char buf[RX_BUFF_SIZE]; 3429 sockaddr_u from; 3430 3431 if (rb != NULL) 3432 freerecvbuf(rb); 3433 3434 fromlen = sizeof(from); 3435 buflen = recvfrom(fd, buf, sizeof(buf), 0, 3436 &from.sa, &fromlen); 3437 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", 3438 (itf->ignore_packets) 3439 ? "ignore" 3440 : "drop", 3441 free_recvbuffs(), fd, stoa(&from))); 3442 if (itf->ignore_packets) 3443 packets_ignored++; 3444 else 3445 packets_dropped++; 3446 return (buflen); 3447 } 3448 3449 fromlen = sizeof(rb->recv_srcadr); 3450 3451 #ifndef HAVE_PACKET_TIMESTAMP 3452 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space, 3453 sizeof(rb->recv_space), 0, 3454 &rb->recv_srcadr.sa, &fromlen); 3455 #else 3456 iovec.iov_base = &rb->recv_space; 3457 iovec.iov_len = sizeof(rb->recv_space); 3458 msghdr.msg_name = &rb->recv_srcadr; 3459 msghdr.msg_namelen = fromlen; 3460 msghdr.msg_iov = &iovec; 3461 msghdr.msg_iovlen = 1; 3462 msghdr.msg_control = (void *)&control; 3463 msghdr.msg_controllen = sizeof(control); 3464 msghdr.msg_flags = 0; 3465 rb->recv_length = recvmsg(fd, &msghdr, 0); 3466 #endif 3467 3468 buflen = rb->recv_length; 3469 3470 if (buflen == 0 || (buflen == -1 && 3471 (EWOULDBLOCK == errno 3472 #ifdef EAGAIN 3473 || EAGAIN == errno 3474 #endif 3475 ))) { 3476 freerecvbuf(rb); 3477 return (buflen); 3478 } else if (buflen < 0) { 3479 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m", 3480 stoa(&rb->recv_srcadr), fd); 3481 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n", 3482 fd)); 3483 freerecvbuf(rb); 3484 return (buflen); 3485 } 3486 3487 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", 3488 fd, buflen, stoa(&rb->recv_srcadr))); 3489 3490 /* 3491 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 3492 */ 3493 3494 if (AF_INET6 == itf->family) { 3495 DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", 3496 stoa(&rb->recv_srcadr), 3497 IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), 3498 stoa(&itf->sin), 3499 !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3500 )); 3501 3502 if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) 3503 && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) 3504 ) { 3505 packets_dropped++; 3506 DPRINTF(2, ("DROPPING that packet\n")); 3507 freerecvbuf(rb); 3508 return buflen; 3509 } 3510 DPRINTF(2, ("processing that packet\n")); 3511 } 3512 3513 /* 3514 * Got one. Mark how and when it got here, 3515 * put it on the full list and do bookkeeping. 3516 */ 3517 rb->dstadr = itf; 3518 rb->fd = fd; 3519 #ifdef HAVE_PACKET_TIMESTAMP 3520 /* pick up a network time stamp if possible */ 3521 ts = fetch_timestamp(rb, &msghdr, ts); 3522 #endif 3523 rb->recv_time = ts; 3524 rb->receiver = receive; 3525 3526 add_full_recv_buffer(rb); 3527 3528 itf->received++; 3529 packets_received++; 3530 return (buflen); 3531 } 3532 3533 /* 3534 * attempt to handle io (select()/signaled IO) 3535 */ 3536 void 3537 io_handler(void) 3538 { 3539 # ifndef HAVE_SIGNALED_IO 3540 fd_set rdfdes; 3541 int nfound; 3542 3543 /* 3544 * Use select() on all on all input fd's for unlimited 3545 * time. select() will terminate on SIGALARM or on the 3546 * reception of input. Using select() means we can't do 3547 * robust signal handling and we get a potential race 3548 * between checking for alarms and doing the select(). 3549 * Mostly harmless, I think. 3550 */ 3551 /* 3552 * On VMS, I suspect that select() can't be interrupted 3553 * by a "signal" either, so I take the easy way out and 3554 * have select() time out after one second. 3555 * System clock updates really aren't time-critical, 3556 * and - lacking a hardware reference clock - I have 3557 * yet to learn about anything else that is. 3558 */ 3559 rdfdes = activefds; 3560 # if !defined(VMS) && !defined(SYS_VXWORKS) 3561 nfound = select(maxactivefd + 1, &rdfdes, NULL, 3562 NULL, NULL); 3563 # else /* VMS, VxWorks */ 3564 /* make select() wake up after one second */ 3565 { 3566 struct timeval t1; 3567 3568 t1.tv_sec = 1; 3569 t1.tv_usec = 0; 3570 nfound = select(maxactivefd + 1, 3571 &rdfdes, NULL, NULL, 3572 &t1); 3573 } 3574 # endif /* VMS, VxWorks */ 3575 if (nfound > 0) { 3576 l_fp ts; 3577 3578 get_systime(&ts); 3579 3580 input_handler(&ts); 3581 } else if (nfound == -1 && errno != EINTR) { 3582 msyslog(LOG_ERR, "select() error: %m"); 3583 } 3584 # ifdef DEBUG 3585 else if (debug > 4) { 3586 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); 3587 } else { 3588 DPRINTF(1, ("select() returned %d: %m\n", nfound)); 3589 } 3590 # endif /* DEBUG */ 3591 # else /* HAVE_SIGNALED_IO */ 3592 wait_for_signal(); 3593 # endif /* HAVE_SIGNALED_IO */ 3594 } 3595 3596 /* 3597 * input_handler - receive packets asynchronously 3598 */ 3599 static void 3600 input_handler( 3601 l_fp * cts 3602 ) 3603 { 3604 int buflen; 3605 int n; 3606 u_int idx; 3607 int doing; 3608 SOCKET fd; 3609 blocking_child *c; 3610 struct timeval tvzero; 3611 l_fp ts; /* Timestamp at BOselect() gob */ 3612 #ifdef DEBUG_TIMING 3613 l_fp ts_e; /* Timestamp at EOselect() gob */ 3614 #endif 3615 fd_set fds; 3616 size_t select_count; 3617 endpt * ep; 3618 #ifdef REFCLOCK 3619 struct refclockio *rp; 3620 int saved_errno; 3621 const char * clk; 3622 #endif 3623 #ifdef HAS_ROUTING_SOCKET 3624 struct asyncio_reader * asyncio_reader; 3625 struct asyncio_reader * next_asyncio_reader; 3626 #endif 3627 3628 handler_calls++; 3629 select_count = 0; 3630 3631 /* 3632 * If we have something to do, freeze a timestamp. 3633 * See below for the other cases (nothing left to do or error) 3634 */ 3635 ts = *cts; 3636 3637 /* 3638 * Do a poll to see who has data 3639 */ 3640 3641 fds = activefds; 3642 tvzero.tv_sec = tvzero.tv_usec = 0; 3643 3644 n = select(maxactivefd + 1, &fds, (fd_set *)0, (fd_set *)0, 3645 &tvzero); 3646 3647 /* 3648 * If there are no packets waiting just return 3649 */ 3650 if (n < 0) { 3651 int err = errno; 3652 int j, b, prior; 3653 /* 3654 * extended FAU debugging output 3655 */ 3656 if (err != EINTR) 3657 msyslog(LOG_ERR, 3658 "select(%d, %s, 0L, 0L, &0.0) error: %m", 3659 maxactivefd + 1, 3660 fdbits(maxactivefd, &activefds)); 3661 if (err != EBADF) 3662 goto ih_return; 3663 for (j = 0, prior = 0; j <= maxactivefd; j++) { 3664 if (FD_ISSET(j, &activefds)) { 3665 if (-1 != read(j, &b, 0)) { 3666 prior = j; 3667 continue; 3668 } 3669 msyslog(LOG_ERR, 3670 "Removing bad file descriptor %d from select set", 3671 j); 3672 FD_CLR(j, &activefds); 3673 if (j == maxactivefd) 3674 maxactivefd = prior; 3675 } 3676 } 3677 goto ih_return; 3678 } 3679 else if (n == 0) 3680 goto ih_return; 3681 3682 ++handler_pkts; 3683 3684 #ifdef REFCLOCK 3685 /* 3686 * Check out the reference clocks first, if any 3687 */ 3688 3689 if (refio != NULL) { 3690 for (rp = refio; rp != NULL; rp = rp->next) { 3691 fd = rp->fd; 3692 3693 if (!FD_ISSET(fd, &fds)) 3694 continue; 3695 ++select_count; 3696 buflen = read_refclock_packet(fd, rp, ts); 3697 /* 3698 * The first read must succeed after select() 3699 * indicates readability, or we've reached 3700 * a permanent EOF. http://bugs.ntp.org/1732 3701 * reported ntpd munching CPU after a USB GPS 3702 * was unplugged because select was indicating 3703 * EOF but ntpd didn't remove the descriptor 3704 * from the activefds set. 3705 */ 3706 if (buflen < 0 && EAGAIN != errno) { 3707 saved_errno = errno; 3708 clk = refnumtoa(&rp->srcclock->srcadr); 3709 errno = saved_errno; 3710 msyslog(LOG_ERR, "%s read: %m", clk); 3711 maintain_activefds(fd, TRUE); 3712 } else if (0 == buflen) { 3713 clk = refnumtoa(&rp->srcclock->srcadr); 3714 msyslog(LOG_ERR, "%s read EOF", clk); 3715 maintain_activefds(fd, TRUE); 3716 } else { 3717 /* drain any remaining refclock input */ 3718 do { 3719 buflen = read_refclock_packet(fd, rp, ts); 3720 } while (buflen > 0); 3721 } 3722 } 3723 } 3724 #endif /* REFCLOCK */ 3725 3726 /* 3727 * Loop through the interfaces looking for data to read. 3728 */ 3729 for (ep = ep_list; ep != NULL; ep = ep->elink) { 3730 for (doing = 0; doing < 2; doing++) { 3731 if (!doing) { 3732 fd = ep->fd; 3733 } else { 3734 if (!(ep->flags & INT_BCASTOPEN)) 3735 break; 3736 fd = ep->bfd; 3737 } 3738 if (fd < 0) 3739 continue; 3740 if (FD_ISSET(fd, &fds)) 3741 do { 3742 ++select_count; 3743 buflen = read_network_packet( 3744 fd, ep, ts); 3745 } while (buflen > 0); 3746 /* Check more interfaces */ 3747 } 3748 } 3749 3750 #ifdef HAS_ROUTING_SOCKET 3751 /* 3752 * scan list of asyncio readers - currently only used for routing sockets 3753 */ 3754 asyncio_reader = asyncio_reader_list; 3755 3756 while (asyncio_reader != NULL) { 3757 /* callback may unlink and free asyncio_reader */ 3758 next_asyncio_reader = asyncio_reader->link; 3759 if (FD_ISSET(asyncio_reader->fd, &fds)) { 3760 ++select_count; 3761 (*asyncio_reader->receiver)(asyncio_reader); 3762 } 3763 asyncio_reader = next_asyncio_reader; 3764 } 3765 #endif /* HAS_ROUTING_SOCKET */ 3766 3767 /* 3768 * Check for a response from a blocking child 3769 */ 3770 for (idx = 0; idx < blocking_children_alloc; idx++) { 3771 c = blocking_children[idx]; 3772 if (NULL == c || -1 == c->resp_read_pipe) 3773 continue; 3774 if (FD_ISSET(c->resp_read_pipe, &fds)) { 3775 select_count++; 3776 process_blocking_resp(c); 3777 } 3778 } 3779 3780 /* 3781 * Done everything from that select. 3782 * If nothing to do, just return. 3783 * If an error occurred, complain and return. 3784 */ 3785 if (select_count == 0) { /* We really had nothing to do */ 3786 #ifdef DEBUG 3787 if (debug) 3788 msyslog(LOG_DEBUG, "input_handler: select() returned 0"); 3789 #endif /* DEBUG */ 3790 goto ih_return; 3791 } 3792 /* We've done our work */ 3793 #ifdef DEBUG_TIMING 3794 get_systime(&ts_e); 3795 /* 3796 * (ts_e - ts) is the amount of time we spent 3797 * processing this gob of file descriptors. Log 3798 * it. 3799 */ 3800 L_SUB(&ts_e, &ts); 3801 collect_timing(NULL, "input handler", 1, &ts_e); 3802 if (debug > 3) 3803 msyslog(LOG_DEBUG, 3804 "input_handler: Processed a gob of fd's in %s msec", 3805 lfptoms(&ts_e, 6)); 3806 #endif /* DEBUG_TIMING */ 3807 /* We're done... */ 3808 ih_return: 3809 return; 3810 } 3811 #endif /* !HAVE_IO_COMPLETION_PORT */ 3812 3813 3814 /* 3815 * find an interface suitable for the src address 3816 */ 3817 endpt * 3818 select_peerinterface( 3819 struct peer * peer, 3820 sockaddr_u * srcadr, 3821 endpt * dstadr 3822 ) 3823 { 3824 endpt *ep; 3825 #ifndef SIM 3826 endpt *wild; 3827 3828 wild = ANY_INTERFACE_CHOOSE(srcadr); 3829 3830 /* 3831 * Initialize the peer structure and dance the interface jig. 3832 * Reference clocks step the loopback waltz, the others 3833 * squaredance around the interface list looking for a buddy. If 3834 * the dance peters out, there is always the wildcard interface. 3835 * This might happen in some systems and would preclude proper 3836 * operation with public key cryptography. 3837 */ 3838 if (ISREFCLOCKADR(srcadr)) { 3839 ep = loopback_interface; 3840 } else if (peer->cast_flags & 3841 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) { 3842 ep = findbcastinter(srcadr); 3843 if (ep != NULL) 3844 DPRINTF(4, ("Found *-cast interface %s for address %s\n", 3845 stoa(&ep->sin), stoa(srcadr))); 3846 else 3847 DPRINTF(4, ("No *-cast local address found for address %s\n", 3848 stoa(srcadr))); 3849 } else { 3850 ep = dstadr; 3851 if (NULL == ep) 3852 ep = wild; 3853 } 3854 /* 3855 * If it is a multicast address, findbcastinter() may not find 3856 * it. For unicast, we get to find the interface when dstadr is 3857 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either 3858 * way, try a little harder. 3859 */ 3860 if (wild == ep) 3861 ep = findinterface(srcadr); 3862 /* 3863 * we do not bind to the wildcard interfaces for output 3864 * as our (network) source address would be undefined and 3865 * crypto will not work without knowing the own transmit address 3866 */ 3867 if (ep != NULL && INT_WILDCARD & ep->flags) 3868 if (!accept_wildcard_if_for_winnt) 3869 ep = NULL; 3870 #else /* SIM follows */ 3871 ep = loopback_interface; 3872 #endif 3873 3874 return ep; 3875 } 3876 3877 3878 /* 3879 * findinterface - find local interface corresponding to address 3880 */ 3881 endpt * 3882 findinterface( 3883 sockaddr_u *addr 3884 ) 3885 { 3886 endpt *iface; 3887 3888 iface = findlocalinterface(addr, INT_WILDCARD, 0); 3889 3890 if (NULL == iface) { 3891 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n", 3892 stoa(addr))); 3893 3894 iface = ANY_INTERFACE_CHOOSE(addr); 3895 } else 3896 DPRINTF(4, ("Found interface #%d %s for address %s\n", 3897 iface->ifnum, iface->name, stoa(addr))); 3898 3899 return iface; 3900 } 3901 3902 /* 3903 * findlocalinterface - find local interface corresponding to addr, 3904 * which does not have any of flags set. If bast is nonzero, addr is 3905 * a broadcast address. 3906 * 3907 * This code attempts to find the local sending address for an outgoing 3908 * address by connecting a new socket to destinationaddress:NTP_PORT 3909 * and reading the sockname of the resulting connect. 3910 * the complicated sequence simulates the routing table lookup 3911 * for to first hop without duplicating any of the routing logic into 3912 * ntpd. preferably we would have used an API call - but its not there - 3913 * so this is the best we can do here short of duplicating to entire routing 3914 * logic in ntpd which would be a silly and really unportable thing to do. 3915 * 3916 */ 3917 static endpt * 3918 findlocalinterface( 3919 sockaddr_u * addr, 3920 int flags, 3921 int bcast 3922 ) 3923 { 3924 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen; 3925 endpt * iface; 3926 sockaddr_u saddr; 3927 SOCKET s; 3928 int rtn; 3929 int on; 3930 3931 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n", 3932 stoa(addr))); 3933 3934 s = socket(AF(addr), SOCK_DGRAM, 0); 3935 if (INVALID_SOCKET == s) 3936 return NULL; 3937 3938 /* 3939 * If we are looking for broadcast interface we need to set this 3940 * socket to allow broadcast 3941 */ 3942 if (bcast) { 3943 on = 1; 3944 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET, 3945 SO_BROADCAST, 3946 (char *)&on, 3947 sizeof(on))) { 3948 closesocket(s); 3949 return NULL; 3950 } 3951 } 3952 3953 rtn = connect(s, &addr->sa, SOCKLEN(addr)); 3954 if (SOCKET_ERROR == rtn) { 3955 closesocket(s); 3956 return NULL; 3957 } 3958 3959 sockaddrlen = sizeof(saddr); 3960 rtn = getsockname(s, &saddr.sa, &sockaddrlen); 3961 closesocket(s); 3962 if (SOCKET_ERROR == rtn) 3963 return NULL; 3964 3965 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n", 3966 stoa(addr), stoa(&saddr))); 3967 3968 iface = getinterface(&saddr, flags); 3969 3970 /* 3971 * if we didn't find an exact match on saddr, find the closest 3972 * available local address. This handles the case of the 3973 * address suggested by the kernel being excluded by nic rules 3974 * or the user's -I and -L options to ntpd. 3975 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683 3976 * for more background. 3977 */ 3978 if (NULL == iface || iface->ignore_packets) 3979 iface = findclosestinterface(&saddr, 3980 flags | INT_LOOPBACK); 3981 3982 /* Don't use an interface which will ignore replies */ 3983 if (iface != NULL && iface->ignore_packets) 3984 iface = NULL; 3985 3986 return iface; 3987 } 3988 3989 3990 /* 3991 * findclosestinterface 3992 * 3993 * If there are -I/--interface or -L/novirtualips command-line options, 3994 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may 3995 * find the kernel's preferred local address for a given peer address is 3996 * administratively unavailable to ntpd, and punt to this routine's more 3997 * expensive search. 3998 * 3999 * Find the numerically closest local address to the one connect() 4000 * suggested. This matches an address on the same subnet first, as 4001 * needed by Bug 1184, and provides a consistent choice if there are 4002 * multiple feasible local addresses, regardless of the order ntpd 4003 * enumerated them. 4004 */ 4005 endpt * 4006 findclosestinterface( 4007 sockaddr_u * addr, 4008 int flags 4009 ) 4010 { 4011 endpt * ep; 4012 endpt * winner; 4013 sockaddr_u addr_dist; 4014 sockaddr_u min_dist; 4015 4016 ZERO_SOCK(&min_dist); 4017 winner = NULL; 4018 4019 for (ep = ep_list; ep != NULL; ep = ep->elink) { 4020 if (ep->ignore_packets || 4021 AF(addr) != ep->family || 4022 flags & ep->flags) 4023 continue; 4024 4025 calc_addr_distance(&addr_dist, addr, &ep->sin); 4026 if (NULL == winner || 4027 -1 == cmp_addr_distance(&addr_dist, &min_dist)) { 4028 min_dist = addr_dist; 4029 winner = ep; 4030 } 4031 } 4032 if (NULL == winner) 4033 DPRINTF(4, ("findclosestinterface(%s) failed\n", 4034 stoa(addr))); 4035 else 4036 DPRINTF(4, ("findclosestinterface(%s) -> %s\n", 4037 stoa(addr), stoa(&winner->sin))); 4038 4039 return winner; 4040 } 4041 4042 4043 /* 4044 * calc_addr_distance - calculate the distance between two addresses, 4045 * the absolute value of the difference between 4046 * the addresses numerically, stored as an address. 4047 */ 4048 static void 4049 calc_addr_distance( 4050 sockaddr_u * dist, 4051 const sockaddr_u * a1, 4052 const sockaddr_u * a2 4053 ) 4054 { 4055 u_int32 a1val; 4056 u_int32 a2val; 4057 u_int32 v4dist; 4058 int found_greater; 4059 int a1_greater; 4060 int i; 4061 4062 NTP_REQUIRE(AF(a1) == AF(a2)); 4063 4064 ZERO_SOCK(dist); 4065 AF(dist) = AF(a1); 4066 4067 /* v4 can be done a bit simpler */ 4068 if (IS_IPV4(a1)) { 4069 a1val = SRCADR(a1); 4070 a2val = SRCADR(a2); 4071 v4dist = (a1val > a2val) 4072 ? a1val - a2val 4073 : a2val - a1val; 4074 SET_ADDR4(dist, v4dist); 4075 4076 return; 4077 } 4078 4079 found_greater = FALSE; 4080 a1_greater = FALSE; /* suppress pot. uninit. warning */ 4081 for (i = 0; i < (int)sizeof(NSRCADR6(a1)); i++) { 4082 if (!found_greater && 4083 NSRCADR6(a1)[i] != NSRCADR6(a2)[i]) { 4084 found_greater = TRUE; 4085 a1_greater = (NSRCADR6(a1)[i] > NSRCADR6(a2)[i]); 4086 } 4087 if (!found_greater) { 4088 NSRCADR6(dist)[i] = 0; 4089 } else { 4090 if (a1_greater) 4091 NSRCADR6(dist)[i] = NSRCADR6(a1)[i] - 4092 NSRCADR6(a2)[i]; 4093 else 4094 NSRCADR6(dist)[i] = NSRCADR6(a2)[i] - 4095 NSRCADR6(a1)[i]; 4096 } 4097 } 4098 } 4099 4100 4101 /* 4102 * cmp_addr_distance - compare two address distances, returning -1, 0, 4103 * 1 to indicate their relationship. 4104 */ 4105 static int 4106 cmp_addr_distance( 4107 const sockaddr_u * d1, 4108 const sockaddr_u * d2 4109 ) 4110 { 4111 int i; 4112 4113 NTP_REQUIRE(AF(d1) == AF(d2)); 4114 4115 if (IS_IPV4(d1)) { 4116 if (SRCADR(d1) < SRCADR(d2)) 4117 return -1; 4118 else if (SRCADR(d1) == SRCADR(d2)) 4119 return 0; 4120 else 4121 return 1; 4122 } 4123 4124 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) { 4125 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i]) 4126 return -1; 4127 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i]) 4128 return 1; 4129 } 4130 4131 return 0; 4132 } 4133 4134 4135 4136 /* 4137 * fetch an interface structure the matches the 4138 * address and has the given flags NOT set 4139 */ 4140 endpt * 4141 getinterface( 4142 sockaddr_u * addr, 4143 u_int32 flags 4144 ) 4145 { 4146 endpt *iface; 4147 4148 iface = find_addr_in_list(addr); 4149 4150 if (iface != NULL && (iface->flags & flags)) 4151 iface = NULL; 4152 4153 return iface; 4154 } 4155 4156 4157 /* 4158 * findbcastinter - find broadcast interface corresponding to address 4159 */ 4160 endpt * 4161 findbcastinter( 4162 sockaddr_u *addr 4163 ) 4164 { 4165 endpt * iface; 4166 4167 iface = NULL; 4168 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT)) 4169 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n", 4170 stoa(addr))); 4171 4172 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD, 4173 1); 4174 if (iface != NULL) { 4175 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n", 4176 iface->ifnum, iface->name)); 4177 return iface; 4178 } 4179 4180 /* 4181 * plan B - try to find something reasonable in our lists in 4182 * case kernel lookup doesn't help 4183 */ 4184 for (iface = ep_list; iface != NULL; iface = iface->elink) { 4185 if (iface->flags & INT_WILDCARD) 4186 continue; 4187 4188 /* Don't bother with ignored interfaces */ 4189 if (iface->ignore_packets) 4190 continue; 4191 4192 /* 4193 * First look if this is the correct family 4194 */ 4195 if(AF(&iface->sin) != AF(addr)) 4196 continue; 4197 4198 /* Skip the loopback addresses */ 4199 if (iface->flags & INT_LOOPBACK) 4200 continue; 4201 4202 /* 4203 * If we are looking to match a multicast address and 4204 * this interface is one... 4205 */ 4206 if (addr_ismulticast(addr) 4207 && (iface->flags & INT_MULTICAST)) { 4208 #ifdef INCLUDE_IPV6_SUPPORT 4209 /* 4210 * ...it is the winner unless we're looking for 4211 * an interface to use for link-local multicast 4212 * and its address is not link-local. 4213 */ 4214 if (IS_IPV6(addr) 4215 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr)) 4216 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin))) 4217 continue; 4218 #endif 4219 break; 4220 } 4221 4222 /* 4223 * We match only those interfaces marked as 4224 * broadcastable and either the explicit broadcast 4225 * address or the network portion of the IP address. 4226 * Sloppy. 4227 */ 4228 if (IS_IPV4(addr)) { 4229 if (SOCK_EQ(&iface->bcast, addr)) 4230 break; 4231 4232 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask)) 4233 == (NSRCADR(addr) & NSRCADR(&iface->mask))) 4234 break; 4235 } 4236 #ifdef INCLUDE_IPV6_SUPPORT 4237 else if (IS_IPV6(addr)) { 4238 if (SOCK_EQ(&iface->bcast, addr)) 4239 break; 4240 4241 if (SOCK_EQ(netof(&iface->sin), netof(addr))) 4242 break; 4243 } 4244 #endif 4245 } 4246 #endif /* SIOCGIFCONF */ 4247 if (NULL == iface) { 4248 DPRINTF(4, ("No bcast interface found for %s\n", 4249 stoa(addr))); 4250 iface = ANY_INTERFACE_CHOOSE(addr); 4251 } else { 4252 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n", 4253 iface->ifnum, iface->name)); 4254 } 4255 4256 return iface; 4257 } 4258 4259 4260 /* 4261 * io_clr_stats - clear I/O module statistics 4262 */ 4263 void 4264 io_clr_stats(void) 4265 { 4266 packets_dropped = 0; 4267 packets_ignored = 0; 4268 packets_received = 0; 4269 packets_sent = 0; 4270 packets_notsent = 0; 4271 4272 handler_calls = 0; 4273 handler_pkts = 0; 4274 io_timereset = current_time; 4275 } 4276 4277 4278 #ifdef REFCLOCK 4279 /* 4280 * io_addclock - add a reference clock to the list and arrange that we 4281 * get SIGIO interrupts from it. 4282 */ 4283 int 4284 io_addclock( 4285 struct refclockio *rio 4286 ) 4287 { 4288 BLOCKIO(); 4289 4290 /* 4291 * Stuff the I/O structure in the list and mark the descriptor 4292 * in use. There is a harmless (I hope) race condition here. 4293 */ 4294 rio->active = TRUE; 4295 4296 # ifdef HAVE_SIGNALED_IO 4297 if (init_clock_sig(rio)) { 4298 UNBLOCKIO(); 4299 return 0; 4300 } 4301 # elif defined(HAVE_IO_COMPLETION_PORT) 4302 if (io_completion_port_add_clock_io(rio)) { 4303 UNBLOCKIO(); 4304 return 0; 4305 } 4306 # endif 4307 4308 /* 4309 * enqueue 4310 */ 4311 LINK_SLIST(refio, rio, next); 4312 4313 /* 4314 * register fd 4315 */ 4316 add_fd_to_list(rio->fd, FD_TYPE_FILE); 4317 4318 UNBLOCKIO(); 4319 return 1; 4320 } 4321 4322 4323 /* 4324 * io_closeclock - close the clock in the I/O structure given 4325 */ 4326 void 4327 io_closeclock( 4328 struct refclockio *rio 4329 ) 4330 { 4331 struct refclockio *unlinked; 4332 4333 BLOCKIO(); 4334 4335 /* 4336 * Remove structure from the list 4337 */ 4338 rio->active = FALSE; 4339 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio); 4340 if (NULL != unlinked) { 4341 purge_recv_buffers_for_fd(rio->fd); 4342 /* 4343 * Close the descriptor. 4344 */ 4345 close_and_delete_fd_from_list(rio->fd); 4346 } 4347 rio->fd = -1; 4348 4349 UNBLOCKIO(); 4350 } 4351 #endif /* REFCLOCK */ 4352 4353 4354 /* 4355 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in 4356 * an array. So we use one of the ISC_LIST functions to hold the 4357 * socket value and use that when we want to enumerate it. 4358 * 4359 * This routine is called by the forked intres child process to close 4360 * all open sockets. On Windows there's no need as intres runs in 4361 * the same process as a thread. 4362 */ 4363 #ifndef SYS_WINNT 4364 void 4365 kill_asyncio( 4366 int startfd 4367 ) 4368 { 4369 BLOCKIO(); 4370 4371 /* 4372 * In the child process we do not maintain activefds and 4373 * maxactivefd. Zeroing maxactivefd disables code which 4374 * maintains it in close_and_delete_fd_from_list(). 4375 */ 4376 maxactivefd = 0; 4377 4378 while (fd_list != NULL) 4379 close_and_delete_fd_from_list(fd_list->fd); 4380 4381 UNBLOCKIO(); 4382 } 4383 #endif /* !SYS_WINNT */ 4384 4385 4386 /* 4387 * Add and delete functions for the list of open sockets 4388 */ 4389 static void 4390 add_fd_to_list( 4391 SOCKET fd, 4392 enum desc_type type 4393 ) 4394 { 4395 vsock_t *lsock = emalloc(sizeof(*lsock)); 4396 4397 lsock->fd = fd; 4398 lsock->type = type; 4399 4400 LINK_SLIST(fd_list, lsock, link); 4401 maintain_activefds(fd, 0); 4402 } 4403 4404 4405 static void 4406 close_and_delete_fd_from_list( 4407 SOCKET fd 4408 ) 4409 { 4410 vsock_t *lsock; 4411 4412 UNLINK_EXPR_SLIST(lsock, fd_list, fd == 4413 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t); 4414 4415 if (NULL == lsock) 4416 return; 4417 4418 switch (lsock->type) { 4419 4420 case FD_TYPE_SOCKET: 4421 closesocket(lsock->fd); 4422 break; 4423 4424 case FD_TYPE_FILE: 4425 closeserial(lsock->fd); 4426 break; 4427 4428 default: 4429 msyslog(LOG_ERR, 4430 "internal error - illegal descriptor type %d - EXITING", 4431 (int)lsock->type); 4432 exit(1); 4433 } 4434 4435 free(lsock); 4436 /* 4437 * remove from activefds 4438 */ 4439 maintain_activefds(fd, 1); 4440 } 4441 4442 4443 static void 4444 add_addr_to_list( 4445 sockaddr_u * addr, 4446 endpt * ep 4447 ) 4448 { 4449 remaddr_t *laddr; 4450 4451 #ifdef DEBUG 4452 if (find_addr_in_list(addr) == NULL) { 4453 #endif 4454 /* not there yet - add to list */ 4455 laddr = emalloc(sizeof(*laddr)); 4456 laddr->addr = *addr; 4457 laddr->ep = ep; 4458 4459 LINK_SLIST(remoteaddr_list, laddr, link); 4460 4461 DPRINTF(4, ("Added addr %s to list of addresses\n", 4462 stoa(addr))); 4463 #ifdef DEBUG 4464 } else 4465 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n", 4466 stoa(addr))); 4467 #endif 4468 } 4469 4470 4471 static void 4472 delete_addr_from_list( 4473 sockaddr_u *addr 4474 ) 4475 { 4476 remaddr_t *unlinked; 4477 4478 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr, 4479 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t); 4480 4481 if (unlinked != NULL) { 4482 DPRINTF(4, ("Deleted addr %s from list of addresses\n", 4483 stoa(addr))); 4484 free(unlinked); 4485 } 4486 } 4487 4488 4489 static void 4490 delete_interface_from_list( 4491 endpt *iface 4492 ) 4493 { 4494 remaddr_t *unlinked; 4495 4496 for (;;) { 4497 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface == 4498 UNLINK_EXPR_SLIST_CURRENT()->ep, link, 4499 remaddr_t); 4500 4501 if (unlinked == NULL) 4502 break; 4503 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n", 4504 stoa(&unlinked->addr), iface->ifnum, 4505 iface->name)); 4506 free(unlinked); 4507 } 4508 } 4509 4510 4511 static struct interface * 4512 find_addr_in_list( 4513 sockaddr_u *addr 4514 ) 4515 { 4516 remaddr_t *entry; 4517 4518 DPRINTF(4, ("Searching for addr %s in list of addresses - ", 4519 stoa(addr))); 4520 4521 for (entry = remoteaddr_list; 4522 entry != NULL; 4523 entry = entry->link) 4524 if (SOCK_EQ(&entry->addr, addr)) { 4525 DPRINTF(4, ("FOUND\n")); 4526 return entry->ep; 4527 } 4528 4529 DPRINTF(4, ("NOT FOUND\n")); 4530 return NULL; 4531 } 4532 4533 4534 /* 4535 * Find the given address with the all given flags set in the list 4536 */ 4537 static endpt * 4538 find_flagged_addr_in_list( 4539 sockaddr_u * addr, 4540 u_int32 flags 4541 ) 4542 { 4543 remaddr_t *entry; 4544 4545 DPRINTF(4, ("Finding addr %s with flags %d in list: ", 4546 stoa(addr), flags)); 4547 4548 for (entry = remoteaddr_list; 4549 entry != NULL; 4550 entry = entry->link) 4551 4552 if (SOCK_EQ(&entry->addr, addr) 4553 && (entry->ep->flags & flags) == flags) { 4554 4555 DPRINTF(4, ("FOUND\n")); 4556 return entry->ep; 4557 } 4558 4559 DPRINTF(4, ("NOT FOUND\n")); 4560 return NULL; 4561 } 4562 4563 4564 const char * 4565 localaddrtoa( 4566 endpt *la 4567 ) 4568 { 4569 return (NULL == la) 4570 ? "<null>" 4571 : stoa(&la->sin); 4572 } 4573 4574 4575 #ifdef HAS_ROUTING_SOCKET 4576 # ifndef UPDATE_GRACE 4577 # define UPDATE_GRACE 2 /* wait UPDATE_GRACE seconds before scanning */ 4578 # endif 4579 4580 static void 4581 process_routing_msgs(struct asyncio_reader *reader) 4582 { 4583 char buffer[5120]; 4584 int cnt, msg_type; 4585 #ifdef HAVE_RTNETLINK 4586 struct nlmsghdr *nh; 4587 #else 4588 struct rt_msghdr rtm; 4589 char *p; 4590 #endif 4591 4592 if (disable_dynamic_updates) { 4593 /* 4594 * discard ourselves if we are not needed any more 4595 * usually happens when running unprivileged 4596 */ 4597 remove_asyncio_reader(reader); 4598 delete_asyncio_reader(reader); 4599 return; 4600 } 4601 4602 cnt = read(reader->fd, buffer, sizeof(buffer)); 4603 4604 if (cnt < 0) { 4605 msyslog(LOG_ERR, 4606 "i/o error on routing socket %m - disabling"); 4607 remove_asyncio_reader(reader); 4608 delete_asyncio_reader(reader); 4609 return; 4610 } 4611 4612 /* 4613 * process routing message 4614 */ 4615 #ifdef HAVE_RTNETLINK 4616 for (nh = (struct nlmsghdr *)buffer; 4617 NLMSG_OK(nh, cnt); 4618 nh = NLMSG_NEXT(nh, cnt)) { 4619 msg_type = nh->nlmsg_type; 4620 #else 4621 for (p = buffer; 4622 (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); 4623 p += rtm.rtm_msglen) { 4624 memcpy(&rtm, p, sizeof(rtm)); 4625 if (rtm.rtm_version != RTM_VERSION) { 4626 msyslog(LOG_ERR, 4627 "version mismatch (got %d - expected %d) on routing socket - disabling", 4628 rtm.rtm_version, RTM_VERSION); 4629 4630 remove_asyncio_reader(reader); 4631 delete_asyncio_reader(reader); 4632 return; 4633 } 4634 msg_type = rtm.rtm_type; 4635 #endif 4636 switch (msg_type) { 4637 #ifdef RTM_NEWADDR 4638 case RTM_NEWADDR: 4639 #endif 4640 #ifdef RTM_DELADDR 4641 case RTM_DELADDR: 4642 #endif 4643 #ifdef RTM_ADD 4644 case RTM_ADD: 4645 #endif 4646 #ifdef RTM_DELETE 4647 case RTM_DELETE: 4648 #endif 4649 #ifdef RTM_REDIRECT 4650 case RTM_REDIRECT: 4651 #endif 4652 #ifdef RTM_CHANGE 4653 case RTM_CHANGE: 4654 #endif 4655 #ifdef RTM_LOSING 4656 case RTM_LOSING: 4657 #endif 4658 #ifdef RTM_IFINFO 4659 case RTM_IFINFO: 4660 #endif 4661 #ifdef RTM_IFANNOUNCE 4662 case RTM_IFANNOUNCE: 4663 #endif 4664 #ifdef RTM_NEWLINK 4665 case RTM_NEWLINK: 4666 #endif 4667 #ifdef RTM_DELLINK 4668 case RTM_DELLINK: 4669 #endif 4670 #ifdef RTM_NEWROUTE 4671 case RTM_NEWROUTE: 4672 #endif 4673 #ifdef RTM_DELROUTE 4674 case RTM_DELROUTE: 4675 #endif 4676 /* 4677 * we are keen on new and deleted addresses and 4678 * if an interface goes up and down or routing 4679 * changes 4680 */ 4681 DPRINTF(3, ("routing message op = %d: scheduling interface update\n", 4682 msg_type)); 4683 timer_interfacetimeout(current_time + UPDATE_GRACE); 4684 break; 4685 #ifdef HAVE_RTNETLINK 4686 case NLMSG_DONE: 4687 /* end of multipart message */ 4688 return; 4689 #endif 4690 default: 4691 /* 4692 * the rest doesn't bother us. 4693 */ 4694 DPRINTF(4, ("routing message op = %d: ignored\n", 4695 msg_type)); 4696 break; 4697 } 4698 } 4699 } 4700 4701 /* 4702 * set up routing notifications 4703 */ 4704 static void 4705 init_async_notifications() 4706 { 4707 struct asyncio_reader *reader; 4708 #ifdef HAVE_RTNETLINK 4709 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 4710 struct sockaddr_nl sa; 4711 #else 4712 int fd = socket(PF_ROUTE, SOCK_RAW, 0); 4713 #endif 4714 if (fd < 0) { 4715 msyslog(LOG_ERR, 4716 "unable to open routing socket (%m) - using polled interface update"); 4717 return; 4718 } 4719 4720 fd = move_fd(fd); 4721 #ifdef HAVE_RTNETLINK 4722 ZERO(sa); 4723 sa.nl_family = PF_NETLINK; 4724 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR 4725 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE 4726 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE 4727 | RTMGRP_IPV6_MROUTE; 4728 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { 4729 msyslog(LOG_ERR, 4730 "bind failed on routing socket (%m) - using polled interface update"); 4731 return; 4732 } 4733 #endif 4734 make_socket_nonblocking(fd); 4735 #if defined(HAVE_SIGNALED_IO) 4736 init_socket_sig(fd); 4737 #endif /* HAVE_SIGNALED_IO */ 4738 4739 reader = new_asyncio_reader(); 4740 4741 reader->fd = fd; 4742 reader->receiver = process_routing_msgs; 4743 4744 add_asyncio_reader(reader, FD_TYPE_SOCKET); 4745 msyslog(LOG_INFO, 4746 "Listening on routing socket on fd #%d for interface updates", 4747 fd); 4748 } 4749 #else 4750 /* HAS_ROUTING_SOCKET not defined */ 4751 static void 4752 init_async_notifications(void) 4753 { 4754 } 4755 #endif 4756 4757